Sysprotect/WinAntiVirusPro

Sam24 · Aug 23, 2006

I think its the vundo virus but I need help getting rid of it.

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:17:13 PM, on 8/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7476E215-A413-42D2-95D2-CFBD198C330b} - C:\WINDOWS\system32\jtrvnhvm.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\pmnli.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [raqpv] C:\WINDOWS\System32\raqpv.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [pwzo] C:\WINDOWS\system32\pwzo.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [3YQGsbG] C:\WINDOWS\wqwcikql.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124313467\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -
O20 - Winlogon Notify: ddabb - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnli - C:\WINDOWS\system32\pmnli.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Xeres · Aug 23, 2006

download VundoFix.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=4
Open VundoFix.exe
Put a check next to Run VundoFix as a task.
Prompt about close adn reopen. Click OK.
After reopen, click Scan for Vundo.
When finish, click Remove Vundo.
Prompt - remove. Click OK.
Your desktop will go blank as it starts removal.
Prompt for shutdown. Click OK.
Post new HijackThis log along with C:\vundofix.txt.

Sam24 · Aug 24, 2006

Logfile of HijackThis v1.99.1
Scan saved at 10:22:38 PM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7476E215-A413-42D2-95D2-CFBD198C330b} - C:\WINDOWS\system32\jtrvnhvm.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\pmnli.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [raqpv] C:\WINDOWS\System32\raqpv.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [pwzo] C:\WINDOWS\system32\pwzo.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [3YQGsbG] C:\WINDOWS\wqwcikql.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124313467\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -
O20 - Winlogon Notify: ddabb - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnli - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

VundoFix V6.1.2

Checking Java version...

Scan started at 4:02:30 PM 8/24/2006

Listing files found while scanning....

C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.ini2
C:\WINDOWS\system32\ilnmp.tmp
C:\WINDOWS\system32\fqcsrukr.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnli.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\ilnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilnmp.ini2
C:\WINDOWS\system32\ilnmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilnmp.tmp
C:\WINDOWS\system32\ilnmp.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\fqcsrukr.exe
C:\WINDOWS\system32\fqcsrukr.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Scan started at 10:15:20 PM 8/24/2006

Listing files found while scanning....

C:\WINDOWS\system32\pmnli.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnli.dll Has been deleted!

Performing Repairs to the registry.
Done!

Niobis · Aug 24, 2006

Good!

Now go here http://free.grisoft.com/doc/1 and download Ewdio Anti-Spyware.

Make sure Spybot is up-to-date!

Install and update Ewdio.
Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu).
Run a scan with Spybot first.
Delete anything bad it finds.
Run a full scan with Ewdio.
When finished, save a log file from Ewdio.
Restart in normal mode.

Run a "Scan Only" with HijackThis. Check and Fix these if they remain.

[bold]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\ddabb.dll (file missing)

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\pmnli.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O15 - Trusted Zone: http://www.amaena.com

O15 - Trusted Zone: http://locator.cdn.imageservr.com

O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com

O15 - Trusted Zone: http://scanner.sysprotect.com

O15 - Trusted Zone: http://*.systemdoctor.com

O15 - Trusted Zone: http://www.winantivirus.com

O15 - Trusted Zone: http://www.winantiviruspro.com

O15 - Trusted Zone: http://download.cdn.winsoftware.com

O15 - Trusted IP range: http://202.67.220.225

O15 - Trusted IP range: http://59.148.220.121

O15 - Trusted IP range: http://62.4.84.53

O15 - Trusted IP range: http://82.98.235.58

O15 - Trusted IP range: http://85.12.25.90

O20 - Winlogon Notify: ddabb - C:\WINDOWS\

O20 - Winlogon Notify: pmnli - C:\WINDOWS\ [/bold]

Make sure all windows are closed except HjT before clicking Fix.

Post back with the new HijackThis log along with the Ewdio log.

Xeres · Aug 24, 2006

Boot to safe mode;
Do a search for C:\WINDOWS\system32\pwzo.exe
C:\WINDOWS\wqwcikql.exe
C:\WINDOWS\System32\raqpv.exe
C:\WINDOWS\system32\jtrvnhvm.dll
If found delet them:
Reboot to normal mode Download CCleaner= www.majorgeeks.com/download4191.html
Run ccleaner
Run HJT scan and place a checkmark and fix all the lines below:
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7476E215-A413-42D2-95D2-CFBD198C330b} - C:\WINDOWS\system32\jtrvnhvm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\pmnli.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [raqpv] C:\WINDOWS\System32\raqpv.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [pwzo] C:\WINDOWS\system32\pwzo.exe
O4 - HKLM\..\Run: [3YQGsbG] C:\WINDOWS\wqwcikql.exe
C:\WINDOWS\System32\msjava.dll (file missing)
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90

Unless you keep your Java script updated you will get reinfected

* Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8. http://java.sun.com/javase/downloads/index.jsp
* Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
* Click the "Download" button to the right.
* Check the box that says: "Accept License Agreement".
* The page will refresh.
* Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
* Check any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java versions.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version

Please post a new HJT

Niobis · Aug 24, 2006

C:\WINDOWS\System32\msjava.dll (file missing)
Click to expand...

You didn't see the whole entry.

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

[bold]It should NOT be fixed![/bold]

For these files:
C:\WINDOWS\system32\pwzo.exe
C:\WINDOWS\wqwcikql.exe
C:\WINDOWS\System32\raqpv.exe
C:\WINDOWS\system32\jtrvnhvm.dll

Your better off using KillBox. Download it here http://www.downloads.subratam.org/KillBox.zip

Restart your computer in safe mode.
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines [bold]one at a time[/bold] then click on the button that has the red circle with the X in the middle after you enter each file.
You will be prompted to confirm, click Yes.

[bold]C:\WINDOWS\system32\pwzo.exe

C:\WINDOWS\wqwcikql.exe

C:\WINDOWS\System32\raqpv.exe

C:\WINDOWS\system32\jtrvnhvm.dll [/bold]

Then, if they still remain in the log, Fix them with HijackThis.

Sam24 · Aug 25, 2006

Ewido if you can make it out:

<history>
- 
- <rec time="2006/08/25 17:13:14" user="Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/08/25 17:25:00" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\1104DC.tmp</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Dialer.JV</attr>
</rec>
- <rec time="2006/08/25 17:25:34" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\bbpnifrk.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:25:34" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\ccjdwiou.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:25:39" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\gupbimjl.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:25:39" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\hbjxchyy.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:25:55" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\OTddFV.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Istbar.GS</attr>
</rec>
- <rec time="2006/08/25 17:26:12" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\pgtegafp.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:26:24" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\vabpgqwt.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:26:25" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\xepbioqj.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:53:01" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\VundoFix Backups\DP.sys</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YKG</attr>
</rec>
- <rec time="2006/08/25 18:03:11" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\agqcbfwl.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YKM</attr>
</rec>
- <rec time="2006/08/25 18:03:28" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\esldjhjx.dll</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Proxy.DWI</attr>
</rec>
- <rec time="2006/08/25 18:03:44" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\lmxkxijc.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YKM</attr>
</rec>
- <rec time="2006/08/25 18:03:46" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\mgkmmdrv.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YKM</attr>
</rec>
- <rec time="2006/08/25 18:04:07" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\rdncnbgx.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YQR</attr>
</rec>
- <rec time="2006/08/25 18:04:28" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\ycmjhneg.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YQR</attr>
</rec>
- <rec time="2006/08/25 18:06:56" user="Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">16</attr>
</rec>
</history>

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 8:08:57 PM, on 8/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7476E215-A413-42D2-95D2-CFBD198C330b} - C:\WINDOWS\system32\jtrvnhvm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [raqpv] C:\WINDOWS\System32\raqpv.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pwzo] C:\WINDOWS\system32\pwzo.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [3YQGsbG] C:\WINDOWS\wqwcikql.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124313467\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Sam24 · Aug 25, 2006

PS: I deleted the ewido viruses...this is what I got after exporting the log:

- <history>
- 
- <rec time="2006/08/25 17:13:14" user="Owner" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2006/08/25 17:25:00" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\1104DC.tmp</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Dialer.JV</attr>
</rec>
- <rec time="2006/08/25 17:25:34" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\bbpnifrk.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:25:34" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\ccjdwiou.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:25:39" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\gupbimjl.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:25:39" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\hbjxchyy.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:25:55" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\OTddFV.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Istbar.GS</attr>
</rec>
- <rec time="2006/08/25 17:26:12" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\pgtegafp.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:26:24" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\vabpgqwt.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:26:25" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Owner\Local Settings\Temp\xepbioqj.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">PSW.Agent.BLC</attr>
</rec>
- <rec time="2006/08/25 17:53:01" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\VundoFix Backups\DP.sys</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YKG</attr>
</rec>
- <rec time="2006/08/25 18:03:11" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\agqcbfwl.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YKM</attr>
</rec>
- <rec time="2006/08/25 18:03:28" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\esldjhjx.dll</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Proxy.DWI</attr>
</rec>
- <rec time="2006/08/25 18:03:44" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\lmxkxijc.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YKM</attr>
</rec>
- <rec time="2006/08/25 18:03:46" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\mgkmmdrv.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YKM</attr>
</rec>
- <rec time="2006/08/25 18:04:07" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\rdncnbgx.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YQR</attr>
</rec>
- <rec time="2006/08/25 18:04:28" user="Owner" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\system32\ycmjhneg.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Generic.YQR</attr>
</rec>
- <rec time="2006/08/25 18:06:56" user="Owner" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">16</attr>
</rec>
- <rec time="2006/08/25 18:34:04" user="Owner" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINDOWS\system32\agqcbfwl.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Generic.YKM</attr>
</rec>
- <rec time="2006/08/25 18:34:18" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\system32\agqcbfwl.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 19:01:39" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP493\A0259394.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Generic.YKM</attr>
</rec>
- <rec time="2006/08/25 19:45:43" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP493\A0259394.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Generic.YKM</attr>
</rec>
- <rec time="2006/08/25 20:11:11" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Owner\Local Settings\Temp\1104DC.tmp</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:11" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Owner\Local Settings\Temp\bbpnifrk.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:11" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Owner\Local Settings\Temp\ccjdwiou.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:11" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Owner\Local Settings\Temp\gupbimjl.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:11" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Owner\Local Settings\Temp\hbjxchyy.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:12" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Owner\Local Settings\Temp\OTddFV.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:12" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Owner\Local Settings\Temp\pgtegafp.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:12" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Owner\Local Settings\Temp\vabpgqwt.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:12" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Owner\Local Settings\Temp\xepbioqj.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:12" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\VundoFix Backups\DP.sys</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:12" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\system32\agqcbfwl.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:12" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\system32\esldjhjx.dll</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:12" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\system32\lmxkxijc.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:12" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\system32\mgkmmdrv.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:12" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\system32\rdncnbgx.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
- <rec time="2006/08/25 20:11:12" user="Owner" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\system32\ycmjhneg.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
</history>

Niobis · Aug 26, 2006

Fix these with HijackThis.

[bold]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: (no name) - {7476E215-A413-42D2-95D2-CFBD198C330b} - C:\WINDOWS\system32\jtrvnhvm.dll (file missing)

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - [/bold]

Then, with KillBox(link in my last post).

Restart your computer in safe mode.
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
You will be prompted to confirm, click Yes.

[bold]C:\WINDOWS\system32\pwzo.exe

C:\WINDOWS\wqwcikql.exe [/bold]

Then, [bold]if[/bold] they still remain in the log, Fix them with HijackThis.

Also, that's not the correct Ewdio log we was looking for.
Open Ewdio's Main Menu > click Reports > Find ths latest scan you ran and copy that log and post it here with a new HijackThis log.

Edit: double copy...

felanor · Aug 28, 2006

I am also having problems with the Sysprotect and WinAntiVirusPro. It seems that a HJT log is needed, so I will upload that. Any help that can be provided is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 3:32:32 AM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft MP\MpFilter\MSMPSVC.exe
C:\Program Files\Microsoft MP\MpFilter\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis_v1.99.1.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {16FA5541-B5AB-BC2D-A537-E62B5A93D5ED} -

C:\WINDOWS\system32\dgtz.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16FA5541-B5AB-BC2D-A537-E62B5A93D5ED} - C:\WINDOWS\system32\dgtz.dll

(file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp103.tmp

(file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {93277BF2-E225-40D6-9A14-B6D8FC87DDBA} - C:\WINDOWS\system32\ssqrq.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD

Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDP\VDTask.exe"

/AutoRestore
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe

/autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat

7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) -

http://dev.egloballibrary.com:2052/lib/pioneer/support/plugins/ebraryRdr.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) -

https://beta.windowsonecare.com/install/cli/1.0.0971.28/WinSSWebAgent.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program

Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149230

788046
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) -

http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\winword.dll
O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner -

C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -

C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program

Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) -

Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft MP\MpFilter\MSMPSVC.exe"

-n 4 (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe"

-f (file missing)

maca1 · Aug 28, 2006

Start a new thread felanor.

Sam24 · Aug 28, 2006

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:04:59 AM 8/27/2006

+ Scan result:

C:\Documents and Settings\Owner\Local Settings\Temp\res180.tmp -> Adware.180Solutions : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\res183.tmp -> Adware.180Solutions : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\drpB7.tmp\thnall1p.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\Owner\thin-172-1-x-x.exe -> Adware.BetterInternet : No action taken.
C:\WINDOWS\dhp2.dll -> Adware.DealHelper : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\uninstall.exe -> Adware.SurfAcc : No action taken.
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : No action taken.
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : No action taken.
HKU\S-1-5-21-845111821-2945968726-123628266-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SysProtect -> Adware.SysProtect : No action taken.
C:\VundoFix Backups\ddabb.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\ddaya.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\gebcd.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\jkklk.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\mljji.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\pmnli.dll -> Adware.Virtumonde : No action taken.
C:\VundoFix Backups\vtutu.dll -> Adware.Virtumonde : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~290251.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~296773.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~337526.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~353635.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~374764.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~444430.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~449704.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~454303.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~483071.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~507442.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~537041.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~582028.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~629668.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~651231.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~669056.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~689042.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~739090.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~739902.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~787080.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~788025.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~788878.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~794644.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~838268.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~846890.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~848225.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~856748.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~875254.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~908989.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~939261.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\adxapie.sys -> Backdoor.Genlot.DX : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CV3VQC55\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Program Files\DIGStream\__delete_on_reboot__d_i_g_s_t_r_e_a_m_._e_x_e_ -> Not-A-Virus.Downloader.Win32.DigStream.a : No action taken.
C:\VundoFix Backups\fqcsrukr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4LY74TEZ\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8LAV4TEF\SysProtectScannerInstall[1].cab/USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M0908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Centrport : No action taken.
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkoumc5mgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ehg-fxcm.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@paycounter[2].txt -> TrackingCookie.Paycounter : No action taken.
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@h.starware[1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@try.starware[1].txt -> TrackingCookie.Starware : No action taken.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@targetnet[1].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\NI.UWA6P_0001_N56M1001\setup.exe -> Trojan.Fakealert : No action taken.
C:\WINDOWS\system32\kepqvjtv.exe -> Trojan.Small.ju : No action taken.

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 9:27:09 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [raqpv] C:\WINDOWS\System32\raqpv.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124313467\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Niobis · Aug 30, 2006

You didn't apply any actions. Therefore, nothing was cleaned.

Run Ewdio in safe mode again and set all items to delete then click "Apply All Actions".
Then click "Save Report".

Then post a fresh HijackThis log along with the new Ewdio log.

Sam24 · Sep 1, 2006

+ Created at: 8:00:27 PM 8/31/2006

+ Scan result:

C:\Documents and Settings\Owner\Local Settings\Temp\res180.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\res183.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\drpB7.tmp\thnall1p.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\thin-172-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\WINDOWS\dhp2.dll -> Adware.DealHelper : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\uninstall.exe -> Adware.SurfAcc : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\VundoFix Backups\ddabb.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ddaya.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\gebcd.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\jkklk.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\mljji.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\pmnli.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\vtutu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~290251.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~296773.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~337526.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~353635.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~374764.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~444430.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~449704.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~454303.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~483071.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~507442.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~537041.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~582028.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~629668.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~651231.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~669056.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~689042.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~739090.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~739902.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~787080.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~788025.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~788878.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~794644.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~838268.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~846890.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~848225.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~856748.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~875254.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~908989.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\~939261.tmp -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\adxapie.sys -> Backdoor.Genlot.DX : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CV3VQC55\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\VundoFix Backups\fqcsrukr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8LAV4TEF\SysProtectScannerInstall[1].cab/USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M0908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M1708NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkoumc5mgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ehg-fxcm.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@h.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\58wjh3wv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\NI.UWA6P_0001_N56M1001\setup.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kepqvjtv.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 5:16:31 PM, on 9/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [raqpv] C:\WINDOWS\System32\raqpv.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124313467\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Niobis · Sep 1, 2006

Look in Add/Remove Programs for SysProtect Free. If there, uninstall it, restart your computer and post a new HijackThis log.

If it is not there get VundoBeGone http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Run VundoBeGone.exe
You may experience BSOD, this is normal.
Restart computer manually if needed.

Post new HijackThis log.

Sam24 · Sep 3, 2006

Couldn't find anything in the Add/Remove programs list or either vundo fix programs.

Vundo Be Gone:
[09/03/2006, 14:13:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Owner\Desktop\VirtumundoBeGone.exe" )
[09/03/2006, 14:13:24] - Detected System Information:
[09/03/2006, 14:13:24] - Windows Version: 5.1.2600, Service Pack 2
[09/03/2006, 14:13:24] - Current Username: Owner (Admin)
[09/03/2006, 14:13:24] - Windows is in NORMAL mode.
[09/03/2006, 14:13:24] - Searching for Browser Helper Objects:
[09/03/2006, 14:13:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/03/2006, 14:13:24] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/03/2006, 14:13:24] - BHO 3: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
[09/03/2006, 14:13:24] - Finished Searching Browser Helper Objects
[09/03/2006, 14:13:24] - Finishing up...
[09/03/2006, 14:13:24] - Nothing found! Exiting...

and HJT:

Logfile of HijackThis v1.99.1
Scan saved at 2:51:24 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [raqpv] C:\WINDOWS\System32\raqpv.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124313467\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Niobis · Sep 3, 2006

Remove this with HijackThis.

[bold]O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan[/bold]

And these are not needed. Fix them also.

[bold]O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) - [/bold]

This I think is the problem C:\WINDOWS\System32\raqpv.exe. Did you try deleting using Killbox?

If so, open HijackThis, click "Open the Misc Tools setion".
Under System Tools find and click, "Delete a file on reboot".
Find [bold]C:\WINDOWS\System32\raqpv.exe[/bold], select it and restart.

Rescan with HijackThis and and if O4 - HKLM\..\Run: [raqpv] C:\WINDOWS\System32\raqpv.exe sill remains find the file and try deleting manually.

If it still remains, tell me. The 04 entry SysProtect is what we NEED gone. Hopefully, HijackThis will fix. If not, follow the same instuctions as raqpv.exe, try deleting on reboot.

Let me how things go and how things are going on your computer. Are things better? Any symptoms?

Log in or Sign up

Sysprotect/WinAntiVirusPro

Sam24 Member

Xeres Member

Sam24 Member

Niobis Active member

Xeres Member

Niobis Active member

Sam24 Member

Sam24 Member

Niobis Active member

felanor Member

maca1 Regular member

Sam24 Member

Niobis Active member

Sam24 Member

Niobis Active member

Sam24 Member

Niobis Active member

Share This Page

Log in or Sign up

Sysprotect/WinAntiVirusPro

Sam24 Member

Xeres Member

Sam24 Member

Niobis Active member

Xeres Member

Niobis Active member

Sam24 Member

Sam24 Member

Niobis Active member

felanor Member

maca1 Regular member

Sam24 Member

Niobis Active member

Sam24 Member

Niobis Active member

Sam24 Member

Niobis Active member

Share This Page

Useful Searches