Author Topic: Under attack from spyware and can't get out  (Read 1360 times)
goldenboy
Newbie
« on: April 21, 2006, 04:03:16 PM »

From everyone I have talked to, this is the place to be to get some help getting out of spyware problems.  I have run TrendMicro, Adware, and Spybot already and cleaned what I can from that, however, I still am having spyware pop out at me from everywhere.  Any help you could give me would be greatly appreciated.  Here is my HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 11:57:34 AM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\sw5eszuz.slt\prefs.js)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp9F78.tmp
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Post-it
Pancake
Global Moderator
« Reply #1 on: April 22, 2006, 02:38:26 AM »

Hi
Before we start working with your log, you are running Hijack This from a temporary location. If we leave it where it is, backups will not be saved, so let's move the file to its own folder in C:\Program Files. Delete your HJT and download HijackThis. It will create a directory folder for you in C:\Program Files.


-------------------------------------------------------

It will help if you print out these instructions as you will be working in safe mode. Download all programs before starting the fix.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Download and unzip Avenger to your desktop. http://swandog46.geekstogo.com/avenger.zip


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu".

Launch Ewido Security Suite (there should be an icon on your desktop; double-click it). The program will now go to the main screen. You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update ewido.
 http://www.ewido.net/en/download/updates/ Do NOT run a scan yet.

Next, please reboot your computer in SafeMode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear.
Select the first option, to run Windows in Safe Mode.


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Run Ewido Security Suite now. Click on Scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido Security Suite.

Reboot.........
--------------------------------------------------------------


1. Please download The Avenger to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote
C:\WINDOWS\SYSTEM32\winpdc32.dll



Note: the above code was created specifically for this user.  If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger.
« Last Edit: April 22, 2006, 04:02:44 AM by Pancake »
goldenboy
« Reply #2 on: April 22, 2006, 12:28:25 PM »

Hi Pancake-

Thanks for helping out.  Everything was running fine until I ran Avenger.  When I tried to start the program after entering the Code above it gave me an error saying that the file does not appear to be a valid script, the error log follows:

//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Error:  selected file does not appear to be a valid script.
Error code: 0

Here is the log from smitRem:


   smitRem
goldenboy
« Reply #3 on: April 22, 2006, 12:30:03 PM »

and Ewido (report is too long for 1 post, broken into 2)

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         8:05:48 AM, 4/22/2006
 + Report-Checksum:      C04C7820

 + Scan result:

   HKLM\SOFTWARE\Classes\Common.Buttons -> Adware.WebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
   [204] C:\WINDOWS\system32\winpdc32.dll -> Trojan.Agent.qt : Cleaned with backup
   [2024] C:\WINDOWS\system32\xenadot.dll -> Trojan.Fakealert : Cleaned with backup
Pancake
« Reply #4 on: April 23, 2006, 12:52:56 AM »

Did you run Ewido before running Avenger? If so, you would have got that error message because Ewido had deleted the file.


Can you now post a new HJT log please.
« Last Edit: April 23, 2006, 02:57:42 AM by Pancake »
goldenboy
« Reply #5 on: April 23, 2006, 06:10:41 PM »

Yes I did run Ewido before I ran Avenger.  Here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:08:51 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\Spyware Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\sw5eszuz.slt\prefs.js)
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp9F78.tmp (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O4 - Global Startup: Post-it
Pancake
« Reply #6 on: April 24, 2006, 01:40:05 AM »

Run HJT and remove these entries and you should be good to go....

O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp9F78.tmp (file missing)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
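Added example, not part of the original thread and not HijackThis's own code: a Python sketch of the by-eye triage done in Reply #6. It rejoins entries that a paste has hard-wrapped across lines, then flags entries by section code. The flagging rules (a `(file missing)` suffix, an O2 target that is not a `.dll`, every O16 and O20 entry) are review heuristics assumed here, and the sample lines are copied from the logs and Reply #6 in this thread.

```python
import re
from urllib.parse import urlparse

# Sample input built from lines quoted in this thread. The O2 and O3 entries
# are deliberately hard-wrapped, the way forum pastes of these logs often are.
SAMPLE_LOG = r"""
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} -

C:\WINDOWS\system32\hp9F78.tmp (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program

Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
"""

# A HijackThis entry starts with a section code such as R1, N3, O4 or O20.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
MISSING = "(file missing)"


def rejoin_entries(log_text):
    """Rebuild one string per entry from a hard-wrapped paste.

    Assumption: the wrap happened at a space, so fragments are joined with a
    single space. Lines before the first entry (header, process list) are
    ignored.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def triage(log_text):
    """Return (code, entry body, reasons) for entries that deserve review."""
    findings = []
    for entry in rejoin_entries(log_text):
        code = ENTRY_START.match(entry).group(1)
        body = entry[len(code) + 3:]
        target = body
        reasons = []
        if body.endswith(MISSING):
            # The registry entry survived but its file is gone, for example
            # after a scanner deleted it. The stale entry still needs fixing.
            reasons.append("orphaned: target file no longer on disk")
            target = body[:-len(MISSING)].rstrip()
        if code == "O2" and not target.lower().endswith(".dll"):
            # Browser Helper Objects are in-process COM servers (DLLs).
            reasons.append("BHO target is not a .dll")
        if code == "O16":
            host = urlparse(target.rsplit(" - ", 1)[-1]).hostname
            reasons.append("ActiveX control fetched from " + str(host))
        if code == "O20":
            reasons.append("DLL loaded by winlogon.exe at logon")
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(code, "|", body)
        for reason in reasons:
            print("    -", reason)
```

Run on the sample, it singles out the same three entries Reply #6 lists and leaves the O3 and O4 entries alone.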
goldenboy
« Reply #7 on: April 24, 2006, 05:35:51 AM »

Done and done, thanks so much for your help
Pancake
« Reply #8 on: April 24, 2006, 08:32:46 AM »

You're welcome... I will now close this thread.