heydc Posted February 19, 2006 Report Share Posted February 19, 2006 I am also having a problem where Internet Explorer is loading the website "sweepstakes.com" instead of the desired site. I have run Adware SE Personal and Spybot with no success. I have run HiJack This and the log is shown below. I appreciate any help.Logfile of HijackThis v1.97.7Scan saved at 12:20:09 PM, on 2/19/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exeC:\WINDOWS\System32\drivers\CDAC11BA.EXEC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\mgabg.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\RioMSC.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\System32\Fast.exeC:\WINDOWS\Explorer.EXEC:\windows\system\hpsysdrv.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\System32\PDesk\PDesk.exeC:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeC:\WINDOWS\System32\taskswitch.exeC:\WINDOWS\System32\fast.exeC:\SCANJET\PrecisionScanPro\HPLamp.exeC:\Program Files\KFH\cl\launcher.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\program files\common files\system\mplay64.exeC:\program files\common files\system\ms2src.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\devldr32.exeC:\SCANJET\PrecisionScanPro\hpscnsvr.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exeC:\WINDOWS\system32\ntvdm.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Internet Explorer\iexplore.exeC:\DOCUME~1\Dave2\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exeC:\Program Files\Microsoft Office\Office10\WINWORD.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initializeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exeO4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exeO4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /AutolaunchO4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exeO4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeO4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exeO4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exeO4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /PO4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exeO4 - HKLM\..\Run: [Windows Taskbar Manager] c:\documents and settings\all users\start menu\programs\startup\service.exe.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfoO4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exeO4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /installO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: APC UPS Status.lnk = ?O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKEN2004\bagent.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000O9 - Extra button: Yahoo! Services (HKLM)O9 - Extra button: AIM (HKLM)O9 - Extra button: Messenger (HKLM)O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dllO12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dllO12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dllO16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/download/b/d.../WebCleaner.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...swflash5r42.cab Link to post Share on other sites
Dan Posted February 19, 2006 Report Share Posted February 19, 2006 Hi,You are using an outdated version of HijackThis. Please download HijackThis version 1.99.1 from here:http://besttechie.net/tools/HijackThis.exe make sure to unzip it to a permanent folder. Then please run HijackThis, click Scan and Save log, and post the new log here. Most of what HijackThis lists is harmless or essential to the system, so please to not make any manual changes.Danny Link to post Share on other sites
heydc Posted February 26, 2006 Author Report Share Posted February 26, 2006 Logfile of HijackThis v1.99.1Scan saved at 11:03:39 AM, on 2/26/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exeC:\WINDOWS\System32\drivers\CDAC11BA.EXEC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\mgabg.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\RioMSC.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\System32\Fast.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\Explorer.EXEC:\windows\system\hpsysdrv.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\System32\PDesk\PDesk.exeC:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeC:\WINDOWS\System32\taskswitch.exeC:\WINDOWS\System32\fast.exeC:\Program Files\KFH\cl\launcher.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\program files\common files\system\mplay64.exeC:\program files\common files\system\ms2src.exeC:\SCANJET\PrecisionScanPro\HPLamp.exeC:\WINDOWS\system32\ctfmon.exeC:\SCANJET\PrecisionScanPro\hpscnsvr.exeC:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Microsoft Office\Office10\WINWORD.EXEC:\Program Files\Messenger\msmsgs.exeC:\Installation Files\Spy Ware\hijack this\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initializeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exeO4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exeO4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /AutolaunchO4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exeO4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeO4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exeO4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exeO4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /PO4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exeO4 - HKLM\..\Run: [Windows Taskbar Manager] c:\documents and settings\all users\start menu\programs\startup\service.exe.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfoO4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exeO4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /installO4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exeO4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: APC UPS Status.lnk = ?O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKEN2004\bagent.exeO4 - Global Startup: Share Scanner.lnk = C:\SCANJET\PrecisionScanPro\hpscnsvr.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dllO12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dllO12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dllO23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exeO23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXEO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exeO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Link to post Share on other sites
Matt Posted March 9, 2006 Report Share Posted March 9, 2006 Hi Heydc, I will be taking over for Danny as he will be out for a few days. Sorry for the delay.Since it has been a while since your last post, lets run a few things.Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.Please download ewido anti-malware it is a free version of the program.Install ewido anti-malwareWhen installing, under "Additional Options" uncheck..Install background guardInstall scan via context menu[*]Launch ewido, there should be an icon on your desktop, double-click it.[*]The program will now open to the main screen.[*]When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.[*]You will need to update ewido to the latest definition files.On the left hand side of the main screen click update.Then click on Start Update.[*]The update will start and a progress bar will show the updates being installed.(the status bar at the bottom will display ("Update successful")If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updatesOnce the updates are installed do the following:Click on scannerClick on Complete System Scan and the scan will begin.You will be prompted to clean the first infection.Select "Perform action on all infections", then proceed.Once the scan has completed, there will be a button located on the bottom of the screen named Save reportClick Save report.Save the report .txt file to your desktop or a location where you can find it easily.Close ewido anti-malware.Now, please reply back with the Ewido Report, and a new HJT log.Matt Link to post Share on other sites
heydc Posted March 21, 2006 Author Report Share Posted March 21, 2006 Here are the two scans. thanks for your help!!================================================================== ewido anti-malware - Scan report--------------------------------------------------------- + Created on: 11:21:53 PM, 3/20/2006 + Report-Checksum: B8A1A4F4 + Scan result: :mozilla.57:C:\Documents and Settings\Aaron.COMPUTER-1-DEN\Application Data\Mozilla\Firefox\Profiles\6e2yg9k8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.58:C:\Documents and Settings\Aaron.COMPUTER-1-DEN\Application Data\Mozilla\Firefox\Profiles\6e2yg9k8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.59:C:\Documents and Settings\Aaron.COMPUTER-1-DEN\Application Data\Mozilla\Firefox\Profiles\6e2yg9k8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup C:\Documents and Settings\Aaron.COMPUTER-1-DEN\Cookies\aaron@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Aaron.COMPUTER-1-DEN\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Aaron.COMPUTER-1-DEN\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup C:\Documents and Settings\Aaron.COMPUTER-1-DEN\Cookies\aaron@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Aaron.COMPUTER-1-DEN\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Aaron.COMPUTER-1-DEN\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Aaron.COMPUTER-1-DEN\Cookies\aaron@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup C:\Documents and Settings\Amy\Cookies\amy@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Amy\Cookies\amy@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\Amy\Cookies\amy@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\Amy\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\Amy\Local Settings\Temporary Internet Files\Content.IE5\K9EVWHUN\mplay64[1].exe -> Downloader.Agent.wp : Cleaned with backup C:\Documents and Settings\Dave2\Local Settings\Temp\lf_BDC.tmp -> Downloader.Agent.wp : Cleaned with backup C:\Program Files\Common Files\System\mplay64.exe -> Downloader.Agent.wp : Cleaned with backup C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1457\A0310269.exe -> Downloader.Agent.wp : Cleaned with backup C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1494\A0314919.exe -> Downloader.Agent.wp : Cleaned with backup C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP1500\A0315007.exe -> Downloader.Agent.wp : Cleaned with backup::Report End===================================================================Logfile of HijackThis v1.99.1Scan saved at 11:23:00 PM, on 3/20/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exeC:\WINDOWS\System32\drivers\CDAC11BA.EXEC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\mgabg.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\RioMSC.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\System32\Fast.exeC:\windows\system\hpsysdrv.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\system32\devldr32.exeC:\WINDOWS\System32\PDesk\PDesk.exeC:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeC:\WINDOWS\System32\taskswitch.exeC:\WINDOWS\System32\fast.exeC:\Program Files\KFH\cl\launcher.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\program files\common files\system\ms2src.exeC:\SCANJET\PrecisionScanPro\HPLamp.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\svchost.exeC:\SCANJET\PrecisionScanPro\hpscnsvr.exeC:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Microsoft Office\Office10\OUTLOOK.EXEC:\program files\common files\system\mplay64.exeC:\Program Files\Messenger\msmsgs.exeC:\Installation Files\Spy Ware\hijack this\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initializeO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exeO4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exeO4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /AutolaunchO4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exeO4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeO4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exeO4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exeO4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /PO4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exeO4 - HKLM\..\Run: [Windows Taskbar Manager] c:\documents and settings\all users\start menu\programs\startup\service.exe.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfoO4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exeO4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /installO4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exeO4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: APC UPS Status.lnk = ?O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKEN2004\bagent.exeO4 - Global Startup: Share Scanner.lnk = C:\SCANJET\PrecisionScanPro\hpscnsvr.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dllO12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dllO12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dllO23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exeO23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXEO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exeO23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exeO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Link to post Share on other sites
Matt Posted March 21, 2006 Report Share Posted March 21, 2006 Welcome back!Please scan with HJT and place a check next to the following items:O4 - HKLM\..\Run: [Launcher] "C:\Program Files\KFH\cl\launcher.exe" /PO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO4 - HKLM\..\Run: [Windows Taskbar Manager] c:\documents and settings\all users\start menu\programs\startup\service.exe.exeO4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfoO4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /installThen make sure all other applications and browser windows are closed, and click the Fix Checked button.Boot into Safe Mode:Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.Once in safe mode, find and delete the following files:c:\documents and settings\all users\start menu\programs\startup\service.exe.exec:\program files\common files\system\mplay64.exec:\program files\common files\system\ms2src.exeAnd find and delete the following folders:C:\Program Files\KFH\cl\C:\Program Files\Viewpoint\Finally, reboot your computer normally, rescan with HJT and post a new log. Link to post Share on other sites
Matt Posted April 5, 2006 Report Share Posted April 5, 2006 Inactive topic...If you still need help on this problem, contact me or one of the Moderators to re-open this up.Topic closed. Link to post Share on other sites
Recommended Posts