Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HiJack This log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HiJack This log

Unread postby pwilks » April 3rd, 2007, 8:56 am

Please help! It seems that I have the regristrycleanerxp malware and can't get rid of it! Here's the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:54:06 AM, on 4/3/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\f91c8d81761d826e33f44f7c4a28e82a\update\update.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5584849593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5585339921
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Thank you for your help!!
pwilks
Active Member
 
Posts: 13
Joined: April 3rd, 2007, 12:01 am
Location: Detroit area
Advertisement
Register to Remove

This may help

Unread postby pwilks » April 3rd, 2007, 9:22 am

Forgot to mention in the initial message that Norton antivirus is also unable to complete a full scan. It hangs up midway through and the only way to stop it is to reboot. Any ideas?
pwilks
Active Member
 
Posts: 13
Joined: April 3rd, 2007, 12:01 am
Location: Detroit area

Unread postby NonSuch » April 8th, 2007, 9:49 pm

I'm sorry that your log has been overlooked. Unfortunately, when you post a reply to your own topic prior to it being "picked up" by a helper, your topic is automatically removed from our "0 replies list" where helpers look for topics that require help. Consequently, it falsely appears that you have received help when in actuality, you have not. If you still require help, please do the following:

There are indications in your log that important security updates have not been installed. That issue needs to be addressed prior to cleaning your system as, unless that situation is rectified, you will be unable to install security updates and it will not be possible to secure your system to any degree as it will just keep getting reinfected.

Accordingly, please run this diagnostic tool:
  • Download a diagnostic tool (MGADiag.exe) from >here< and save this to your Desktop.
  • Double-click on MGADiag.exe.
  • When the program has finished, click on the Validation tab and then click on Copy to Clipboard
  • Please post the results in your next reply.
In addition, please post a HijackThis Uninstall list...
  • Open HijackThis
  • Click on the "Open Misc Tools Section" Button
  • Click on the "Open Uninstall Manager" Button
  • Click on the "Save list" Button
  • Save the list to your Desktop
  • Copy and paste the contents into your next reply.

Post the above two reports and a fresh HijackThis log and we will see what needs to be done next.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby NonSuch » April 15th, 2007, 2:43 pm

Due to inactivity, this topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby ChrisRLG » April 22nd, 2007, 6:33 pm

reopened on email request.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Further information

Unread postby pwilks » April 24th, 2007, 9:53 am

Thank you so much for all your help. Here's the MSADiag file:

Diagnostic Report (1.7.0012.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Detailed Status: N/A
Windows Product Key: *****-*****-BRVBB-38MQ9-3PMFT
Windows Product Key Hash: 2V2VyxlfhiaCt/JkDzYQfiNOHMA=
Windows Product ID: 55277-OEM-2111907-00106
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: bb022b05-9edd-4b23-b1ba-6ad0a4c2ed79
Is Admin: Yes
AutoDial:
Registry: 0x0
WGA Version: Registered, 1.7.18.5
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic:
Resolution Status: N/A

Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
OGA Version: Failed to retrieve file version. - 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-3178-80070002

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>bb022b05-9edd-4b23-b1ba-6ad0a4c2ed79</UGUID><Version>1.7.0012.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><PKey>*****-*****-*****-*****-3PMFT</PKey><PID>55277-OEM-2111907-00106</PID><PIDType>2</PIDType><SID>S-1-5-21-220796541-1058405096-3560699294</SID><SYSTEM><Manufacturer>HP Pavilion 06</Manufacturer><Model>D7218P-ABA 774E</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>AM37308</Version><SMBIOSVersion major="2" minor="3"/><Date>20021216000000.000000+000</Date><SLPBIOS>HP PAVILION</SLPBIOS></BIOS><HWID>09FB31E70184205B</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Hewlett-Packard</name><model>Pavilion</model></SBID><OEM/></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{91130409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Small Business</Name><Ver>10</Ver><Val>A345DBCEEB2946A</Val><Hash>R3InJj77YvQudn2+9mRjJE2lneI=</Hash><Pid>54188-OEM-1792853-98581</Pid><PidType>4</PidType></Product></Products></Office></Software></GenuineResults>

Here is the HijackThis uninstall list:

Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe® Photoshop® Album Starter Edition 3.0
AppCore
ArcSoft Software Suite
AV
Betty Bad
Blackhawk Striker
Blasterball 2
Blasterball Wild
ccCommon
Dark Orbit
Detto IntelliMover Demo
Disney's Lilo and Stitch Pinball
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
easy Internet sign-up
Freedom Security & Privacy
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp center
HP Digital Imaging Album Printing 1.0
HP Image Zone 4.2
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.1 - Photosmart Cameras
HP PSC & OfficeJet 4.2
HP Software Update
hp toolkit
Inactive HP Printer Drivers (Remove only)
Indeo® Software
Intel(R) 82845G Graphics Driver Software
Internet Worm Protection
InterVideo WinDVD 4
IPFax
KBD
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 3.1 (Symantec Corporation)
MarketBrowser
Men in Black II CROSSFIRE Trial Version
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 4.0 SP2 (KB927978)
MUSICMATCH Jukebox
MyDVD
News Rover
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
NVIDIA Windows 2000/XP Display Drivers
OneTouch Version 3.0
PaperPort 7.02
PC-Doctor for Windows
PigPen
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickPar 0.9
RealPlayer
RecordNow
RecordNow Update Manager
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
ShowBiz
Simple Backup for My Pictures
Simple Installer - Multilanguage Version
Snowboard Extreme
Sound Blaster Live!
Space Rocks
SPBBC 32bit
Symantec
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920872)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Virtual Warfare
WeatherBug
WildTangent Channel Manager
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2

And finally, the HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:52:52 AM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mamma.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-8.0.0.20/t ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.4.41/a ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/c ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.0.20/m ... -en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-8.0.0.20/p ... -en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.41/f ... -en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.0.20/p ... -en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.0.20/p ... -en_US.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5584849593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5585339921
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Thank you again!
pwilks
Active Member
 
Posts: 13
Joined: April 3rd, 2007, 12:01 am
Location: Detroit area

Unread postby NonSuch » April 24th, 2007, 1:05 pm

Your system now appears to be fully updated. :) That's an excellent first defense against malware. :)

Please print out a copy of the following instructions, or save them to a text document, so you will have them readily at hand even when you are offline and cannot access this forum.

Download RogueRemover by RubbeR DuckY from http://www.malwarebytes.org/RogueRemover.zip
  • Unzip to a convenient location such as C:\RogueRemover.
  • Navigate to the folder you unzipped the files to and double click on the file named RogueRemover.exe.
  • Finally, select Scan and the program will walk you through the remaining steps.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

  • If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Reboot into Safe Mode, you can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Close ALL open Windows / Programs / Folders.

Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Post the AVG-AS scan report and a fresh HijackThis log back into this same topic, along with a full description of how your system is running now and any malware symptoms it may be showing.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

New info

Unread postby pwilks » May 1st, 2007, 9:45 am

I've run rogue remover but can't seem to get AVG anti-spyware to update itself. I'll keep working on that one, but here's a fresh hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:42:14 AM, on 5/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mamma.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-8.0.0.20/t ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.1.23/a ... -en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-8.0.1.23/v ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/c ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.0.20/m ... -en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-8.0.0.20/p ... -en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.41/f ... -en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.0.20/p ... -en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.0.20/p ... -en_US.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5584849593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5585339921
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

I do seem to be running better now without the annoying popups that were initially my problem.
pwilks
Active Member
 
Posts: 13
Joined: April 3rd, 2007, 12:01 am
Location: Detroit area

Unread postby NonSuch » May 1st, 2007, 10:34 am

Your HijackThis log appears to be clean; however, I would still like to see the results of an AVG Anti-Spyware scan. Since clicking on the AVG-AS update button does not appear to be working for you, please follow the procedure for manually downloading and applying the updates as given in my above instructions, then scan with AVG-AS and post the resulting log. Note that it's important to follow the instructions exactly as given so that AVG-AS can clean up all that it finds and create a log as well.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

got it!

Unread postby pwilks » May 2nd, 2007, 7:09 pm

Ok, here's the AVG log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:00:59 PM 5/2/2007

+ Scan result:



C:\Documents and Settings\Owner\Desktop\unused desktop\BigKahunaReefSetup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\unused desktop\cubisgold2-setup-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP128\A0016219.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP128\A0016220.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP134\A0016304.exe -> Backdoor.Rbot.bbd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP114\A0015025.exe -> Backdoor.VanBot.ax : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0GEEUJJ3\2_z[1].htm -> Dropper.Small.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0GEEUJJ3\cxasqwqpkii[1].htm -> Dropper.Small.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E4LILOYS\1_z[1].htm -> Dropper.Small.j : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dwwh.exe -> Proxy.Agent.mf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\onfpipl.exe -> Proxy.Agent.mf : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.226:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.575:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Default User\Cookies\owner@dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Default User\Cookies\owner@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.357:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.576:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.577:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.516:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Information : Cleaned.
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.869:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.870:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.871:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dxwj9xov.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Default User\Cookies\owner@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.310:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.352:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.368:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dxwj9xov.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.236:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dxwj9xov.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dxwj9xov.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dxwj9xov.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.308:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dxwj9xov.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.331:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.336:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.337:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.338:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.339:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.340:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.341:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Default User\Cookies\owner@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.264:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Default User\Cookies\owner@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.268:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.286:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Default User\Cookies\owner@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Default User\Cookies\owner@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.276:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2g9m18p0.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Default User\Local Settings\Temp\V2ECFHc01244 -> Trojan.Renos.nak : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temp\lafD1.tmp -> Trojan.Renos.nak : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\V2ECFHc01244 -> Trojan.Renos.nak : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\lafD1.tmp -> Trojan.Renos.nak : Cleaned with backup (quarantined).


::Report end

And here's the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 3:08:30 PM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mamma.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-8.0.0.20/t ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.1.23/a ... -en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-8.0.1.23/v ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/c ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.0.20/m ... -en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-8.0.0.20/p ... -en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.41/f ... -en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.0.20/p ... -en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.0.20/p ... -en_US.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5584849593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5585339921
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Are we getting there? Thanks for all your help so far!
pwilks
Active Member
 
Posts: 13
Joined: April 3rd, 2007, 12:01 am
Location: Detroit area

Unread postby NonSuch » May 2nd, 2007, 8:53 pm

That looks much better, and you're very welcome. :)

AVG Anti-Spyware cleared out a lot. Now, let's clean out your temp folders and your restore points...

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
Next, let's clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.

Now that your system is clean, please take a little time to read this short article by Tony Klein that will help you to keep it that way...

http://www.malwareremoval.com/forum/viewtopic.php?t=4959

And read this one for information on keeping your system properly updated... your first line of defense against malware. :)

http://malwareremoval.com/plog/index.php?blogId=8

Best of luck to you, and safe surfing. Image
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Thank You

Unread postby pwilks » May 3rd, 2007, 10:34 pm

I have followed all your instructions and now seem to be quite free from infection. Even some MS Office programs that I assumed were supposed to open slowly are now opening faster! I will certainly be sending in a donation! What does it take to become an advisor who evaluates the hijack this logs and advises posters on how to repair their systems? I might be interested in learning the trade!

Thank you again and I hope to contribute to this site in some way, just tell me how!!!
pwilks
Active Member
 
Posts: 13
Joined: April 3rd, 2007, 12:01 am
Location: Detroit area

Unread postby NonSuch » May 3rd, 2007, 11:07 pm

You're very welcome. I'm glad we were able to help. :)

If you are interested in joining the online Malware Removal University and learning how to fight malware, here is a link to an informative post that will tell you what to do and what to expect...

http://www.malwareremoval.com/forum/viewtop ... e5ed350891

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 329 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware