  #1  
Old May 17th, 2006, 09:28 AM
Iceman87
Senior Member
 
Join Date: Aug 2004
O/S: Windows 7 64-bit
Location: Ottawa, Canada
Age: 36
Posts: 107
Grinding Halt and Brief Disconnects

Hi!

During the past few weeks I have been having some trouble with my comp. It began with just the internet being weird, slowing to a grinding halt, almost to the point of disconnecting me from the net (0.1b/s on Downloads). Then the internet connection would stay active but I would be disconnected from mIRC and my downloads would freeze after about 2 mins.

Now my computer has just become sluggish. explorer.exe is suddenly taking up 99 CPU on the Task Manager and doing anything becomes extremely hard to do because of the slow-down. I have run multiple virus scans with AVGuard, Avast!, and McAfee and found no viruses. I also ran eWido, and SpyBot and found some malware but nothing lethal.

Here is my HijackThis log for anyone who may want to take a guess at what exactly seems to be going on with my rig.

Thanks to all who take the time to read my post

----

Logfile of HijackThis v1.99.1
Scan saved at 4:28:09 AM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hrlphlrgjduuprnpovysmojpy...jY5nhrBRDR.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06AXLRD_247053875] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123063047443
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D50531A-3AC5-4A0C-BBE8-E95D956D931B}: NameServer = 206.47.244.90 67.69.184.135
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Thanks Again!
  #2  
Old May 17th, 2006, 11:26 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Howdy Iceman87,


Some portion of a Lop infection showing there, so let's make repairs.


To avoid it interfering with infection removal, open Ewido and in the main window click "Realtime protection" (in green indicating "Active") to change to inactive. While you have it open update it (but don't scan just yet).


Next run the below uninstallers (If your AV queries the download, allow it. It's not malicious).

http://lop.com/new_uninstall.exe
http://lop.com/toolbar_uninstall.exe


Reboot into Safe Mode (tap F8 at startup and select Safe Mode).

Run Ewido now. Click on scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido.

Then reboot. Run a new scan with HijackThis, and post that and the Ewido log back here for review please.
  #3  
Old May 18th, 2006, 05:09 AM
Iceman87
Alright I did all you asked but forgot to save the eWido report.

Here is the current HijackThis log. I am still getting all my downloads interrupted and can't download a proper 50mb file from any site without it freezing....

Thanks Tom!

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:09:21 AM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Webteh\BSplayerPro\bsplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06AXLRD_247053875] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123063047443
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D50531A-3AC5-4A0C-BBE8-E95D956D931B}: NameServer = 206.47.244.90 67.69.184.135
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

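An added example, not part of the original posts: a small Python parser that diffs two HijackThis logs entry by entry, run here on lines excerpted from the two logs posted above. Splitting each entry at the first " = " or " - " is an assumption about the log layout made for this example, not HijackThis's documented format.

```python
import re

# Section lines look like "R1 - ..." or "O20 - ..."; headers and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Lines excerpted from the first log in this thread (5/17/2006).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hrlphlrgjduuprnpovysmojpy...jY5nhrBRDR.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# The same entries as they appear in the second log (5/18/2006).
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""


def parse_entries(log_text):
    """Map (section, item) -> value for every section line in a log."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        section, text = match.groups()
        # Assumption: the item name ends at the first " = " or " - ".
        # Lines with neither (most O4 Run entries) are keyed on the whole
        # text, so an edited command shows up as removed plus added.
        parts = re.split(r" = | - ", text, maxsplit=1)
        value = parts[1] if len(parts) > 1 else ""
        entries[(section, parts[0])] = value
    return entries


def diff_logs(before_text, after_text):
    """Return the entries removed, added and changed between two logs."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(
            k for k in before if k in after and before[k] != after[k]
        ),
    }


def missing_file_entries(log_text):
    """Entries HijackThis marked '(file missing)': a reference is still
    registered but the file it points to is no longer on disk."""
    return sorted(
        key
        for key, value in parse_entries(log_text).items()
        if value.endswith("(file missing)")
    )


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for kind in ("removed", "added", "changed"):
        for section, item in result[kind]:
            print(f"{kind:8} {section:4} {item}")
    for section, item in missing_file_entries(AFTER):
        print(f"orphaned {section:4} {item}")
```
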
  #4  
Old May 18th, 2006, 11:23 AM
Jintan
Run the Ewido Safe Mode process again, and post back the report this time please. It can now at least show what it may have trouble with. Also, do you have the free, adware-bundled version of BS Player (which is a known infection source)?
  #5  
Old May 22nd, 2006, 08:32 AM
Iceman87
No I purchased the full version. Running the safe mode now, sorry for the delay, had a death in the family. Stay tuned...

Thanks Again

EDIT: Also, this is the message I am receiving in mIRC, * [10053] Software caused connection abort*

Last edited by Iceman87; May 22nd, 2006 at 08:35 AM.
  #6  
Old May 22nd, 2006, 09:54 AM
Iceman87
Latest eWido Report

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:50:10 AM, 5/22/2006
+ Report-Checksum: 1A6451C5

+ Scan result:

:mozilla.7:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.482:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\e2xaoect.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Matt\Cookies\matt@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup


::Report End
  #7  
Old May 22nd, 2006, 09:56 AM
Iceman87 Iceman87 is offline
Senior Member
 
Join Date: Aug 2004
O/S: Windows 7 64-bit
Location: Ottawa, Canada
Age: 36
Posts: 107
Latest HiJackThis Report

Logfile of HijackThis v1.99.1
Scan saved at 4:52:49 AM, on 5/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Webteh\BSplayerPro\bsplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06AXLRD_247053875] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123063047443
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D50531A-3AC5-4A0C-BBE8-E95D956D931B}: NameServer = 206.47.244.90 67.69.184.135
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Thanks Tom!

PS: I turned off the Windows Firewall and have not been disconnected from mIRC, and none of my downloads have been disconnected.
  #8  
Old May 22nd, 2006, 05:18 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Could definitely be a firewall issue. Although Ewido had no finds on that second run, I am not too thrilled with the change in your search function there. Let's run some simple programs to make sure. Please do the following.


Download CWShredder from here and have it ready to use.

Then run CWShredder and hit the "Fix" button.


Then download AboutBuster.zip from Here and unzip it to its own folder.

When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts) and make sure that you can view hidden files and folders.

Close all open windows and run Hijack This again. Check the below entries and click on Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank

Close Hijack This and run AboutBuster (click on AboutBuster.exe). Select "Yes" to close Internet Explorer.

When the program opens, click the "Begin Removal" button. When the scan finishes, click "Exit". Run AboutBuster a second time. When the second scan is completed, locate the Ab LogFile.txt in the AboutBuster folder, open this with NotePad and post that log back in this thread when you have rebooted, along with a new HijackThis please.
  #9  
Old May 23rd, 2006, 06:02 AM
Iceman87 Iceman87 is offline
Senior Member
 
Join Date: Aug 2004
O/S: Windows 7 64-bit
Location: Ottawa, Canada
Age: 36
Posts: 107
Thanks again for the reply, Tom. Here are the logs you requested.

AboutBuster 6.0
Scan started on [5/23/2006] at [12:54:17 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 12:56:45 AM

HiJackThis! Log File...

Logfile of HijackThis v1.99.1
Scan saved at 1:00:12 AM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06AXLRD_247053875] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE12\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123063047443
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D50531A-3AC5-4A0C-BBE8-E95D956D931B}: NameServer = 206.47.244.90 67.69.184.135
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Thanks Tom!
  #10  
Old May 23rd, 2006, 03:11 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Looking real good. How is your system running now? Let's check for remainders. Please do the following.


Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

Run this for Firefox as well (click Firefox, top of ATF Cleaner window).


Then go here for an online AV scan.

Scan "Local Disks" and when finished save the scan log and then post the log here.
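The thread compares the May 22 and May 23 HijackThis logs by eye to confirm the fixed R1 entry is gone. The same comparison as an added Python example (not part of the original thread and not a HijackThis feature); the function names are hypothetical and the two inputs are short excerpts trimmed from the logs posted above.

```python
import re

# An entry line is a section code (R, F, N or O plus a number), " - ", then the detail.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpts trimmed from the 5/22 and 5/23 logs in this thread (not the full logs).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:52:49 AM, on 5/22/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\mIRC\mirc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:00:12 AM, on 5/23/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

def parse_hjt(text):
    """Split a HijackThis log into its process list and (section, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first entry line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}

def diff_scans(before, after):
    """Report entries and processes that disappeared or appeared between two scans."""
    # Windows paths are case-insensitive, so compare process paths lower-cased.
    b_procs = {p.lower(): p for p in before["processes"]}
    a_procs = {p.lower(): p for p in after["processes"]}
    b_ent, a_ent = set(before["entries"]), set(after["entries"])
    return {
        "entries_removed": sorted(b_ent - a_ent),
        "entries_added": sorted(a_ent - b_ent),
        "procs_gone": sorted(b_procs[k] for k in b_procs.keys() - a_procs.keys()),
        "procs_new": sorted(a_procs[k] for k in a_procs.keys() - b_procs.keys()),
    }

if __name__ == "__main__":
    for kind, items in diff_scans(parse_hjt(BEFORE), parse_hjt(AFTER)).items():
        print(kind, items)
```

An empty `entries_added` list is what shows that nothing new registered itself between the two scans.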