0

Hello, I was recently believing I was installing a Windows Media Codec but Spybot picked it up ad a v.codec Media 4 or something and other.. I tried to remove it with it, but the SpywareQuake Icon comes up and I tried to remove it with SmitfraudFix. That is gone, but Virus Alert! with an annoying 20-40 second pop-up remains here. I have Ewido, CCleaner, SmitfraudFix and HJT for if I need them in the removal process. Any help would be greatly appreciated:confused:


Thanks.

OutbreaK

2
Contributors
12
Replies
13
Views
11 Years
Discussion Span
Last Post by OutbreaK
0

Logfile of HijackThis v1.99.1
Scan saved at 3:54:04 PM, on 6/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\S3tray2.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Junk\StealthBot v2.6R3.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Starcraft\StarCraft.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.20/WinSSWebAgent.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

0

Please check these items in HJT.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp (file missing)

Click Fix Checked.

________________________________________________________

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

_______________________________________________________

You say you have ewido already installed too? Please run that and save the log, and post that log, the smitfruadfix log, and a new HJT log, in your next reply.

0

HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:56:42 AM, on 6/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\S3tray2.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.20/WinSSWebAgent.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

SmitfraudFix Log:
SmitFraudFix v2.44

Scan done at 12:02:03.04, Wed 06/14/2006
Run from C:\Documents and Settings\Owner\Desktop\Junk\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"

[HKEY_CLASSES_ROOT\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\System32\hzclqhc.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\System32\hzclqhc.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

I am not sure which report you needed, therefore I posted both. If these are still not the right ones, I will rerun and repost.

Ewido Process Report:


---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 12:10:02 PM, 6/14/2006
+ Report-Checksum: 940D0EAB

0: System Process
4: System Process
260: C:\WINDOWS\System32\wdfmgr.exe
436: C:\Program Files\ewido anti-malware\ewidoctrl.exe
464: c:\Program Files\Norton AntiVirus\navapsvc.exe
528: \SystemRoot\System32\smss.exe
600: \??\C:\WINDOWS\system32\csrss.exe
624: \??\C:\WINDOWS\system32\winlogon.exe
668: C:\WINDOWS\system32\services.exe
680: C:\WINDOWS\system32\lsass.exe
848: C:\WINDOWS\system32\svchost.exe
948: C:\WINDOWS\System32\svchost.exe
1044: C:\WINDOWS\System32\svchost.exe
1116: C:\WINDOWS\System32\svchost.exe
1148: C:\Program Files\iPod\bin\iPodService.exe
1192: c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
1416: C:\WINDOWS\Explorer.EXE
1484: C:\WINDOWS\system32\spoolsv.exe
1616: C:\windows\system\hpsysdrv.exe
1632: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
1640: C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
1648: C:\HP\KBD\KBD.EXE
1792: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1852: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
1896: C:\WINDOWS\System32\WgaTray.exe
1944: C:\WINDOWS\System32\S3tray2.exe
1996: c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
2940: C:\Program Files\Mozilla Firefox\firefox.exe
2980: C:\WINDOWS\System32\wuauclt.exe
3684: C:\Program Files\ewido anti-malware\SecuritySuite.exe


Ewido Startup Report:

---------------------------------------------------------
ewido anti-malware - Startup report
---------------------------------------------------------

+ Created on: 12:10:15 PM, 6/14/2006
+ Report-Checksum: 5E9D7B17

Reg\HKLM\Run HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
Reg\HKLM\Run hpsysdrv c:\windows\system\hpsysdrv.exe
Reg\HKLM\Run Share-to-Web Namespace Daemon c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Reg\HKLM\Run CamMonitor c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Reg\HKLM\Run KBD C:\HP\KBD\KBD.EXE
Reg\HKLM\Run StorageGuard "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
Reg\HKLM\Run AutoTBar C:\hp\bin\autotbar.exe
Reg\HKLM\Run WCOLOREAL "C:\Program Files\Coloreal\coloreal.exe"
Reg\HKLM\Run Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
Reg\HKLM\Run nwiz nwiz.exe /install
Reg\HKLM\Run NAV CfgWiz c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
Reg\HKLM\Run ccApp "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Reg\HKLM\Run ccRegVfy "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Reg\HKLM\Run PS2 C:\WINDOWS\system32\ps2.exe
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Reg\HKLM\Run AlcxMonitor ALCXMNTR.EXE
Reg\HKLM\Run iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run S3TRAY2 S3tray2.exe
Reg\HKCU\Run MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Shell\CommonStartup hp center UI.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk
Shell\CommonStartup hp center.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk
Shell\CommonStartup Quicken Scheduled Updates.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
Shell\CommonStartup WinZip Quick Pick.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk Hope this helps :-|

0

I need the ewido scan report. When it is done scanning, it will give you an option to save log. I would like to see that log, before we continue.

0

I hope this is it!:lol:

Ewido Scan Report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:00:31 PM, 6/14/2006
+ Report-Checksum: 34532C23

+ Scan result:

:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aqy2t5jr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup


::Report End

0

Looks clean to me :). You do need to update to Windows, Service pack 2. As of now you are running SP1, making you very vulnerable to attack. Not only does SP2 offer numerous more features, but tons more security! You also need to update IE. Or better yet, get firefox. Firefox is more secure, and offers many more features. To download SP2, you can get it from here.

http://www.microsoft.com/windowsxp/sp2/default.mspx

or Run windows update.

0

Looks clean to me

So there is no way to rid of this blinking sign that says Virus Alert! and the pop-up ever 40 seconds?

You do need to update to Windows, Service pack 2. As of now you are running SP1, making you very vulnerable to attack. Not only does SP2 offer numerous more features, but tons more security!

Yeah, I know. Just been dreading a long install. Silly me.:rolleyes:

You also need to update IE. Or better yet, get firefox. Firefox is more secure, and offers many more features.

Yeah, I know! It's great, I've had firefox for a few days.

Well, thanks Tayspen, so very much! I am still concerned about this popup activity. It's a little red Cancel sign and a blue circle with a white question mark inside. Even if I show no signs of being infected, is there something I can run to possibly flush it out?

Thanks again, you've been a big help thus far :)

0

I did run SmitFraudFix clean in safemode before I replied here, so that might of killed off something you should of seen. It alteast removed spywarequake or whatever. Well thanks

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.