#1 |
|
Member (1 bit)
Join Date: Jun 2005
Posts: 1
|
Spyware help
I need help getting rid of this spyware ebates.
#2 |
|
Premium Member
Join Date: Jun 1999
Posts: 9,231
|
Hi Chad and welcome to PCMech..
A pointer on how to get help on these forums. You've posted an ~18 page/2700 word post about what two antispyware programs have found on your computer - 2 minutes apart. Have you considered using Adaware to remove the entries? Before asking for help, why not use the programs to clean out what's infecting your PC (and there are a number of infections)? It becomes increasingly difficult to read your logs, which at this point are unsolicited, because we don't know what you've tried in the first place.

Here are a few pointers:
1) You've made a good start in using antispyware programs. Use Adaware and remove the suspicious entries.
2) Download Spybot Search and Destroy from http://security.kolla.de/ and run it as well.
3) Now if you're still infected, post the HJT logs for us and we will help you get rid of whatever else remains.
#3 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,776
|
Actually, read the sticky thread at the top of this forum about posting HJT logs. The guidelines are spelled out in there. ALL forums that analyze logs have guidelines for posting, and we are no exception. If you had done what you just did in some other forums, your post would have been deleted and you would have been banned.