
jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs:
·Comcast
·Vonage

HJT Log - pop ups, spyware, etc..

I am installing a new DVD-RW in a "friend's" computer (some friend). Little did I know...this thing was polluted with viruses, trojans, spyware, etc.. I have most of it cleaned up via the HJT instructions. There are a few remaining pests. Any help would be greatly appreciated as always.

PANDA ACTIVESCAN RESULTS:
Incident                      Status                        Location
*
*
*

Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Owne
*r\Local Settings\Temp\Patch211.exe
*
*
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Owne
*r\Local Settings\Temp\Patch221.exe
*
*
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Owne
*r\Local Settings\Temp\Patch241.exe
*
*
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Owne
*r\Local Settings\Temp\Patch261.exe
*
*
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Owne
*r\Local Settings\Temp\Patch271.exe
*
*
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Owne
*r\Local Settings\Temp\Patch281.exe
*
*
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Owne
*r\Local Settings\Temp\Patch302.exe
*
*
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Owne
*r\Local Settings\Temp\satmat.cab[satmat.inf]
*
*
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owne
*r\Local Settings\Temp\satmat.cab[satmat.exe]
*
*
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Owne
*r\Local Settings\Temp\satmat.cab[satmat.ini]
*
*
Adware:Adware/Gator No disinfected C:\Documents and Settings\Owne
*r\Local Settings\Temp\vmtemp.tmp[vmtemp.tmp]
*
*
Possible Virus. No disinfected C:\Program Files\TrojanHunter
*4.2\Tools\Process Viewer\ProcessViewer.exe
*
*
Adware:Adware/Gator No disinfected C:\WINDOWS\Fonts\msurl.exe

(*) WARNING 13 long line(s) split
HJT LOG
  Logfile of HijackThis v1.99.1
Scan saved at 8:24:41 PM, on 8/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch
*.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrc
*h.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.co
*m/fwlink/?LinkId=8116
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = loca
*lhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\
*Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft
*Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - S
*earch & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows Update] spools.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/
*aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim
*.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\M
*icrosoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\M
*essenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
*C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program
*Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://ww
*w.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WI
*NDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\Syst
*em32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softe
*x\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

(*) WARNING 17 long line(s) split


--
Support HR 1440 Or lose your rights to hear and see what you pay for!

justageek

join:2002-03-07
Marietta, GA

1.) Get copies of Ad-Aware and Spybot S&D and update their definitions.

2.) If there isn't an AV solution there, get AVG or another freebie.

3.) Boot into Safe Mode

4.) Run Ad-Aware and Spybot and your AV solution

5.) Reboot and then repost your HJT.

Have fun.


jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs:

I think I already did all that, but will double check.


La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage

reply to jimeez
Please follow ALL the steps here BEFORE posting a HJT log:

»Security »I think my computer is infected or hijacked. What should I do?
--
~~~Now and forever, you are a part of me, and the memory cuts like a knife...~~~


jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs:
·Comcast
·Vonage

I know I know I know. Believe me, I know! I've posted many of these and have been told many times. I just updated AVG and am in the process of re-scanning. Spybot and AdAware are both up to date.
--
Support HR 1440 Or lose your rights to hear and see what you pay for!


siggyx
Siggy
Premium
join:2003-12-10
Cambridge
reply to jimeez
There is more to the faq than those 3 applications.


jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs:
·Comcast
·Vonage

said by siggyx:

There is more to the faq than those 3 applications.
Holy sheep shit! I know this. Believe me I do.

I am not trying to be rude, but I followed every single line of the FAQ word for word. To a tee! I posted my results. I am re-scanning with AVG, which is the only thing I did not do. As soon as the scan is complete, I will post an updated HJT log.
--
Support HR 1440 Or lose your rights to hear and see what you pay for!


siggyx
Siggy
Premium
join:2003-12-10
Cambridge


reply to jimeez
LOL don't mean to be rude either. Did you run Cwshredder, Ewido? Post a new log when you're done and I will take a look.
--
90% of sports is mental, the other half is physical


jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs:
·Comcast
·Vonage

said by siggyx:

LOL don't mean to be rude either. Did you run Cwshredder, Ewido?
NP...and yes, I did. I followed the FAQ line-by-line, word-for-word. I will post when I get home from work tonight. Thanks for the help.
--
Support HR 1440 Or lose your rights to hear and see what you pay for!


jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs:
·Comcast
·Vonage

reply to jimeez
OK. AVG revealed (and did not repair) the following:
Downloader.Stubby
Dropper.Agent.8.B

Updated HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 9:16:47 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch
*.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrc
*h.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.co
*m/fwlink/?LinkId=8116
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = loca
*lhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\
*Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft
*Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - S
*earch & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] spools.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/
*aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim
*.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\M
*icrosoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\M
*essenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
*C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program
*Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://ww
*w.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisof
*t\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AV
*GFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WI
*NDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\Syst
*em32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softe
*x\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

(*) WARNING 19 long line(s) split

--
Support HR 1440 Or lose your rights to hear and see what you pay for!


siggyx
Siggy
Premium
join:2003-12-10
Cambridge

reply to jimeez
Please download the tool from the link below and run it.

»securityresponse.symantec.com/av···nde.html

Next open Task Manager (Ctrl/Alt/Del) and look for

spools.exe

Stop process on it if running.

Scan with hijackthis and put a check beside these lines and choose FIX

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=8116
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\RunServices: [Microsoft Windows Update] spools.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

Reboot to safe mode and look for and delete this file if present; make sure hidden files/folders are viewable. You will prob need to do a search for it. Make sure it is exactly as named below, as it is closely named to a legitimate file.

spools.exe ---file

While still in safe mode scan with Ewido again.

Reboot to normal mode scan with hijackthis and post a new log please.

spools.exe
--
90% of sports is mental, the other half is physical
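
Added example (not part of any poster's message): a small triage script for logs in the format posted in this thread. It rejoins the forum's `*`-prefixed split lines, then flags entries whose target is missing and O4 autorun entries that have no path or whose file name nearly matches a Windows system process, which is the `spools.exe` / `spoolsv.exe` case above. The reference names come from the "Running processes" lists in the thread; the similarity threshold and all function names are assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample in the format of the HijackThis logs posted in this thread,
# including the forum's "*" marker at the start of a wrapped continuation line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - S
*earch & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows Update] spools.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program
*Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
"""

# System process names taken from the "Running processes" sections of the logs.
SYSTEM_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "alg.exe", "explorer.exe", "wuauclt.exe",
}

O4_RE = re.compile(r"^O4 - [^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def rejoin(text):
    """Merge '*' continuation lines back into the entry they were split from.

    A space that fell exactly on the wrap point is lost by the forum, so a
    rejoined path can read 'C:\\ProgramFiles'; the flags below do not depend on it.
    """
    entries = []
    for line in text.splitlines():
        if line.startswith("*") and entries:
            entries[-1] += line[1:]
        elif line.strip():
            entries.append(line)
    return entries


def executable(cmd):
    """Return the program part of an autorun command (quoted path or first token)."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return m.group(1) or m.group(2)


def lookalike(basename, threshold=0.85):
    """Return the system name that basename resembles without being equal to it."""
    name = basename.lower()
    if name in SYSTEM_NAMES:
        return None
    for known in sorted(SYSTEM_NAMES):
        if SequenceMatcher(None, name, known).ratio() >= threshold:
            return known
    return None


def review(text):
    """Return (entry, flags) pairs for entries that deserve a closer look."""
    findings = []
    for entry in rejoin(text):
        flags = []
        if "(no file)" in entry or "(file missing)" in entry:
            flags.append("target-missing")
        m = O4_RE.match(entry)
        if m:
            exe = executable(m.group("cmd"))
            if "\\" not in exe:
                flags.append("autorun-without-path")
            near = lookalike(exe.rsplit("\\", 1)[-1])
            if near:
                flags.append("resembles:" + near)
        if flags:
            findings.append((entry, flags))
    return findings


if __name__ == "__main__":
    for entry, flags in review(SAMPLE_LOG):
        print(", ".join(flags), "|", entry)
```

A flag is a prompt to look at the file itself, not a verdict; legitimate software also leaves orphaned registrations behind.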


siggyx
Siggy
Premium
join:2003-12-10
Cambridge

reply to jimeez
Also seems that this one may be a F/P

OK. AVG revealed (and did not repair) the following:
Dropper.Agent.8.B


»forum.grisoft.cz/freeforum/read.···age=,sv=
--
90% of sports is mental, the other half is physical


jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs:
·Comcast
·Vonage

reply to siggyx
said by siggyx:

Please download the tool from the link below and run it.

»securityresponse.symantec.com/av···nde.html
This one's taking a while. I'll finish up tomorrow night and post back. Thanks again.
--
Support HR 1440 Or lose your rights to hear and see what you pay for!


jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs:
·Comcast
·Vonage

reply to jimeez
Sorry this took so long.

HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 9:54:05 PM, on 8/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\
*Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft
*Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - S
*earch & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/
*aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim
*.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\M
*icrosoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://ww
*w.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisof
*t\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AV
*GFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\secu
*rity suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\securi
*ty suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WI
*NDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\Syst
*em32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softe
*x\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

(*) WARNING 14 long line(s) split

ewido Scan Report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:8:37:26 AM, 8/10/2005
+ Report-Checksum:9B10C730

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cl
*eaned without backup
HKLM\SOFTWARE\Classes\Interface\{711648F0-5FF5-4C81-805E-A1AEDBAB4951} -> Spyware.SaveNow
*: Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{20752C25-2D97-4E6F-9EE2-94B74D202875} -> Spyware.SaveNow :
*Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{72892E8E-75DF-4CD2-BE11-E9A0077F44A8} -> Spyware.HotBar : C
*leaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with ba
*ckup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned w
*ith backup
C:\Documents and Settings\Owner\Cookies\owner@a.tribalfusion[2].txt -> Spyware.Cookie.Trib
*alfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[1].txt -> Spyware.Cookie.Abe
*tterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[4].txt -> Spyware.Cookie.Abe
*tterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yie
*ldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> Spyware.Cookie.Addyn
*amix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt -> Spyware.Cookie.Point
*roll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Cookie.Adverti
*sing : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Clean
*ed with backup
C:\Documents and Settings\Owner\Cookies\owner@bfast[1].txt -> Spyware.Cookie.Bfast : Clean
*ed with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> Spyware.Cookie.Bluestre
*ak : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt -> Spyware.Cookie.Serv
*ing-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> Spyware.Cookie.Burstnet :
* Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> Spyware.Cookie.Casalem
*edia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@centrport[2].txt -> Spyware.Cookie.Centrport
* : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[1].txt -> Spyware.Cookie.Br
*idgetrack : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@clickagents[2].txt -> Spyware.Cookie.Clickag
*ents : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@counter2.hitslink[2].txt -> Spyware.Cookie.H
*itslink : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> Spyware.Cookie.Co
*remetrics : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doublec
*lick : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4ggczeaq.stats.esomniture[2].txt ->
* Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkykkajcaq.stats.esomniture[2].txt ->
* Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Clea
*ned without backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-bestbuy.hitbox[1].txt -> Spyware.Cookie.
*Hitbox : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-chrysler.hitbox[2].txt -> Spyware.Cookie
*.Hitbox : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> Spyware.Cookie.Fastclick
* : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cle
*aned without backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> Spyware.Cookie.Mediaplex
* : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt -> Spyware.Cookie.Overture :
* Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@paycounter[2].txt -> Spyware.Cookie.Paycount
*er : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> Spyware.Cookie.Overt
*ure : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@qksrv[2].txt -> Spyware.Cookie.Qksrv : Clean
*ed without backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Ques
*tionmarket : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[1].txt -> Spyware.Cooki
*e.Advertising : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> Spyware.Cookie.Serving
*-sys : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> Spyware.Cookie.Statcou
*nter : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@targetnet[2].txt -> Spyware.Cookie.Targetnet
* : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp
* : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> Spyware.Cookie.Tribal
*fusion : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[2].txt -> Spyware.Cookie.Burstn
*et : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[2].txt -> Spyware.Cookie.Yieldm
*anager : Cleaned without backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserve
*r : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00
*\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@2o7[2].txt -> Spyware.Co
*okie.2o7 : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@abetterinternet[1].txt -
*> Spyware.Cookie.Abetterinternet : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt -
*> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.pointroll[2].txt ->
*Spyware.Cookie.Pointroll : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@advertising[1].txt -> Sp
*yware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> Spyware.
*Cookie.Atdmt : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@burstnet[1].txt -> Spywa
*re.Cookie.Burstnet : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@casalemedia[1].txt -> Sp
*yware.Cookie.Casalemedia : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@centrport[1].txt -> Spyw
*are.Cookie.Centrport : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@clickagents[1].txt -> Sp
*yware.Cookie.Clickagents : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[2].txt -> Sp
*yware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@fastclick[2].txt -> Spyw
*are.Cookie.Fastclick : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[1].txt -> Spyw
*are.Cookie.Mediaplex : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@servedby.advertising[2].
*txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tribalfusion[1].txt -> S
*pyware.Cookie.Tribalfusion : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@z1.adserver[1].txt -> Sp
*yware.Cookie.Adserver : Cleaned without backup
C:\Documents and Settings\Owner\Local Settings\Temp\satmat.cab/satmat.exe -> TrojanDownloa
*der.Stubby.d : Cleaned without backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll.tcf -> Spyware.Wheaterbug : Cleaned
* without backup
C:\WINDOWS\Fonts\msurl.exe -> Adware.Gator : Cleaned without backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned without
* backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll -> Spyware.WildTangent :
*Cleaned without backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent : Clea
*ned without backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll -> Spyware.WildTangent :
*Cleaned without backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent : Clea
*ned without backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned without backup

::Report End

(*) WARNING 71 long line(s) split

--
Support HR 1440 Or lose your rights to hear and see what you pay for!


siggyx
Siggy
Premium
join:2003-12-10
Cambridge
reply to jimeez
Looks good. Running OK?


jimeez
Heads Are Empty
Premium
join:2002-04-28
Mount Holly Springs, PA
clubs:
Sure is! Thank you for all the help!