Options

Trojan Removal

Unknown
edited September 2006 in Spyware & Virus Removal
I also have the same problem. Can anyone please help. My hijack this log isLogfile of HijackThis v1.99.1
Scan saved at 8:12:23 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Kyle\My Documents\Unzipped\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

NOTE:Wangus I have moved your post into it's own thread away from rocky's as to avoid confusion in the future please start your own thread and not post in someone elses as that only creates confusion for the SVT helper :)

Comments

  • jmoney3457jmoney3457 Maine
    edited August 2006
    First download ewido anti-spyware from HERE and save that file to your desktop.
    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run ewido and update the definition files.
    3. On the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close ewido anti-spyware and reboot your computer into Safe Mode.
    1. Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
      IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess.
    2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
    3. Ewido will now begin the scanning process, be patient this may take a little time.
    4. Ewido will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
    5. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
    6. Close ewido & post that report in your next reply
  • wangus34
    edited September 2006
    I really appreicate your help. How do I attach my report because it is too long to post.
  • jmoney3457jmoney3457 Maine
    edited September 2006
    no problem, to do the report as attach select the reply button and then right below the reply text box under "addtional options" click the manage attachments button then click browse select the report click upload then close the box and submit the reply:smiles:
  • wangus34
    edited September 2006
    here is my report I think I attached it
  • jmoney3457jmoney3457 Maine
    edited September 2006
    please do this next (in order):
    Make sure that you can see hidden files.
    1. Click Start.
    2. Click My Computer.
    3. Select the Tools menu and click Folder Options.
    4. Select the View Tab.
    5. Under the Hidden files and folders heading select Show hidden files and folders.
    6. Uncheck the Hide protected operating system files (recommended) option.
    7. Click Yes to confirm.
    8. Uncheck the Hide file extensions for known file types.
    9. Click OK.
    and then Please perform an online virus scan with F-Secure Online Scanner.

    Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-secure.com/enu/home/ols3.shtml
    • Click the F-Secure Online Scanner Next Generation Beta link.
    • When prompted, choose to install the software.
    • After the software has installed, click Accept.
    • Click Custom Scan and check the option for Scan inside archives, then click Start.
    • The necessary databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
    • If any infections are found then once the scan has finished the "cleaning" screen will be displayed. Choose Automatic cleaning (recommended).
    • After cleaning has finished, then the Finish screen will be displayed. Choose Show Report.
    • In order to post the report, press CTRL+A on your keyboard to highlight all the text. Then copy and paste that information into this thread, along with a new HijackThis log.
  • wangus34
    edited September 2006
    once again thanks soo much.
    Scanning Report
    Monday, September 04, 2006 16:42:32 - 18:13:05

    Computer name: WANGUS
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\
    Result: 1 malware found
    Windows (spyware)

    * System (Disinfected)

    Statistics
    Scanned:

    * Files: 22385
    * System: 4685
    * Not scanned: 5

    Actions:

    * Disinfected: 1
    * Renamed: 0
    * Deleted: 0
    * None: 0
    * Submitted: 0

    Files not scanned:

    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar.zip\nso72.tmp
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareQuake.zip\dfrgsrv.exe
    * C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsActiveDesktop.zip\sbRecovery.reg

    Options
    Scanning engines:

    * F-Secure AVP: 6.0.171, 2006-09-04
    * F-Secure Libra: 2.4.1, 2006-09-02
    * F-Secure Orion: 1.2.37, 2006-09-01
    * F-Secure Blacklight: 1.0.31, 0000-00-00
    * F-Secure Draco: 1.0.35, 0259-24-212
    * F-Secure Pegasus: 1.19.0, 2006-07-29

    Scanning options:

    * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
    * Scan inside archives
    * Use Advanced heuristics

    Copyright © 1998-2006 Product support |Send virus sample to F-Secure
    F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

    here is my hijackthis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 6:30:32 PM, on 9/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\RoamMgr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\Program Files\Intel\Switching\User\RoamSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Kyle\My Documents\Unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • wangus34
    edited September 2006
    my computer just found TROJ_Generic.Z. Can you please help me.
  • jmoney3457jmoney3457 Maine
    edited September 2006
    please fix the following lines in HJT (make sure NO windows/browsers other than hjt itself are open) then reboot-->O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :
    and also i'd like to see another list from HJT:
    - Click the Config... button, then go to the Misc Tools section.
    - Click on Open Uninstall Manager. You'll see a list of programs.
    - Click on Save List...

    The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply along with a new log from hijackthis!
  • wangus34
    edited September 2006
    what do you mean by fix?
  • jmoney3457jmoney3457 Maine
    edited September 2006
    open hijackthis! click on do a system scan only>place a check mark next to entries (lines) I specified in my previous post then click on fix checked (its located on the bottom left side of the HJT screen) and continue with the rest of my instructions from my above post
  • wangus34
    edited September 2006
    Here they are.
    Logfile of HijackThis v1.99.1
    Scan saved at 1:18:07 PM, on 9/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\RoamMgr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\Program Files\Intel\Switching\User\RoamSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Documents and Settings\Kyle\My Documents\Unzipped\hijackthis_199\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    ABBYY FineReader 5.0 Sprint
    Ad-Aware SE Personal
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.8
    Adobe Shockwave Player
    Adobe® Photoshop® Album Starter Edition 3.0
    ALPS Touch Pad Driver
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Broadcom Driver Installer
    C-Major Audio
    Comcast High-Speed Internet Install Wizard
    Comcast Toolbar
    Dell ResourceCD
    Dell Solution Center
    Desktop Doctor
    DivX
    DivX Player
    DivX Web Player
    Easy CD Creator 5 Basic
    ewido anti-spyware 4.0
    FaxTools
    Guitar Pro 4
    Guitar Pro 5.0
    HijackThis 1.99.1
    Intel(R) PROSet
    InterVideo WinDVD
    J2SE Runtime Environment 5.0 Update 3
    Lexmark 1200 Series
    Microsoft Office XP Professional with FrontPage
    Microsoft Picture It! Photo 7.0
    Microsoft PowerPoint Viewer 97
    Microsoft Streets and Trips 2002
    Microsoft Word 2002
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox (1.5.0.6)
    O2Micro Smartcard Driver
    Panda ActiveScan
    PCTEL 2304WT V.92 MDC Modem Drivers
    QuickSet
    QuickTime Alternative 1.69
    Security Toolbar
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    SigmaTel AC97 Audio Drivers
    Spybot - Search & Destroy 1.4
    Trend Micro PC-cillin Internet Security 2006
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB900930)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinZip
    XoftSpy
    Yahoo! Toolbar
  • jmoney3457jmoney3457 Maine
    edited September 2006
    please do the following (in order): fix the following line in HJT (being sure NO windows/browsers are open except for hjt itself)-->O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
     reboot and do the following:Next, your version of Sun Java is outdated and should be updated.
    • Download the offline installer from HERE.
      • Accept the License Agreement
      • Select "Windows Offline Installation, Multi-language".
      • Save the file to your Desktop.
    • Next, uninstall your currently installed version from Add or Remove Programs.
    • If you have older versions listed uninstall them also. If you simply update to the new version,
      it leaves the older version(s) still installed, complete with previous vulnerabilities.
      - Examples of older versions in Add or Remove Programs:
      • Java 2 Runtime Environment, SE v1.4.2
      • J2SE Runtime Environment 5.0
      • J2SE Runtime Environment 5.0 Update 2
    • Restart your system.
    • Install the new version by double-clicking on the file you downloaded.
    after doing all the above please post new hjt log
  • wangus34
    edited September 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 6:14:04 PM, on 9/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\RoamMgr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Intel\Switching\User\RoamSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Documents and Settings\Kyle\My Documents\Unzipped\hijackthis_199\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • jmoney3457jmoney3457 Maine
    edited September 2006
    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
  • wangus34
    edited September 2006
    Incident Status Location

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.sexlist.com/]
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.cs.sexcounter.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.sextracker.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.findwhat.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.ct.360i.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.ads.addynamix.com/]
    Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[counter.hitslink.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.com.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.paycounter.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[data.coremetrics.com/]
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[www.myaffiliateprogram.com/]
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.clickbank.net/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.qksrv.net/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[server.iad.liveperson.net/hc/6633845]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.bravenet.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.ccbill.com/]
    Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.centrport.net/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\zl5p25g9.default\cookies.txt[.go.com/]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kyle\My Documents\smitRem\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kyle\My Documents\smitRem.exe[smitRem/Process.exe]
    Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.casalemedia.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.fastclick.net/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.casalemedia.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.fastclick.net/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.casalemedia.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.questionmarket.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.tribalfusion.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.doubleclick.net/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.tribalfusion.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.atdmt.com/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.adultfriendfinder.com/]
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.cs.sexcounter.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][ad.yieldmanager.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.realmedia.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.trafficmp.com/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.bluestreak.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.advertising.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.as-us.falkag.net/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.mediaplex.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.247realmedia.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.2o7.net/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.adrevolver.com/]
    Spyware:Cookie/AdDynamix Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.ads.addynamix.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.ads.pointroll.com/]
    Spyware:Cookie/Apmebf Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.apmebf.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.as-eu.falkag.net/]
    Spyware:Cookie/Atwola Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.atwola.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.belnk.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.bravenet.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.bs.serving-sys.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.burstnet.com/]
    Spyware:Cookie/Ccbill Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.ccbill.com/]
    Spyware:Cookie/CentrPort Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.centrport.net/]
    Spyware:Cookie/Com.com Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.com.com/]
    Spyware:Cookie/360i Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.ct.360i.com/]
    Spyware:Cookie/Go Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.go.com/]
    Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.overture.com/]
    Spyware:Cookie/Peel Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.peel.com/]
    Spyware:Cookie/Overture Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.perf.overture.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.statcounter.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][.zedo.com/]
    Spyware:Cookie/BurstBeacon Not disinfected C:\Program Files\support.com\backup\co\cookies.txt\79144_50beb475b_[cookies.txt][www.burstbeacon.com/]
    Adware:Adware/DollarRevenue Not disinfected C:\Program Files\support.com\temp\ComcastToolbar.exe[²ÜÇ\nsProcess.dll]
  • jmoney3457jmoney3457 Maine
    edited September 2006
    wangus please remove comcast toolbar via add/remove programs and reboot then clear out your temp internet files by doing this-->* Clean your Cache and Cookies in IE:
    • Close all instances of Outlook Express and Internet Explorer
    • Go to Control Panel > Internet Options > General tab
    • Click the "Delete Cookies" button
    • Next to it, Click the "Delete Files" button
    • When prompted, place a check in: "Delete all offline content", click OK
    * Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
    • Go to Tools > Options.
    • Click Privacy in the menu on the left side of the Options window.
    • Click the Clear button located to the right of each option (History, Cookies, Cache).
    • Click OK to close the Options window
      Alternatively, you can clear all information stored while browsing by clicking Clear All.
      A confirmation dialog box will be shown before clearing the information.
    * Clean other Temporary files + Recycle bin
    • Go to start > run and type: cleanmgr and click ok.
    • Let it scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
    • Press OK to remove them.
    then please return with a new HJT log
  • wangus34
    edited September 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 9:17:09 PM, on 9/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\RoamMgr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Intel\Switching\User\RoamSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Microsoft Works\MSWorks.exe
    C:\Documents and Settings\Kyle\My Documents\Unzipped\hijackthis_199\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • jmoney3457jmoney3457 Maine
    edited September 2006
    please fix the following lines in HJT (being sure NO windows/browsers except for hijackthis! itself are open) then reboot and post new hjt log along with how the pc is running now-->R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
  • wangus34
    edited September 2006
    Thanks again so much. My computer is working much better.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:12:45 PM, on 9/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\RoamMgr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\Program Files\Intel\Switching\User\RoamSvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Microsoft Works\MSWorks.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Kyle\My Documents\Unzipped\hijackthis_199\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: RoamMgr - Intel Corporation - C:\WINDOWS\System32\RoamMgr.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • jmoney3457jmoney3457 Maine
    edited September 2006
    no problem glad to hear that can we mark this resolved?:)
Sign In or Register to comment.