Hijack this logfile

Morning

A work colleague was having major pop-up issues, ran ad-aware and spybot and it cleaned up a number of problems, PE_SALITY in particular. All seems to back to working order but I'd like to be sure. Here is a hijack log, I can't see too much wrong with it but I'd like to confirm

Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 4:58:45 PM, on 17/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\shadow\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Cole2k Media Toolbar Helper - {08825191-C3C7-44e9-8CA6-07AB521FA8F2} - C:\Program Files\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Program Files\LinkOptimizer\LinkOptimizer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Cole2k Media Toolbar - {015407A9-D183-4379-8452-DFD7C2297902} - C:\Program Files\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sbnc1.exe] C:\WINDOWS\TEMP\sbnc1.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [dmoaclee] C:\WINDOWS\System32\dmoaclee.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [dmoaclee] C:\WINDOWS\System32\dmoaclee.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O21 - SSODL: IEFilter - {ADAEA363-2447-4593-9475-967DD916004F} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: InCD Helper (read only) (InCDsrvR) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

Hi and welcome back, nice to see you helping out a friend.

Below you will find my results and recommendations. Please read ALL instructions carefully BEFORE proceeding.

Please follow these instructions, exactly, for proper HJT installation. Please place HJT into ITS OWN PERMANANT FOLDER. It also needs to be removed from the desktop.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. (C:\HJT\HijackThis.exe)Move HijackThis.exe into this folder. When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.

Please go to Add/Remove, and if found, uninstall the following:
LinkOptimizer
Cole2k Media Toolbar <<<---unless you installed this, no conclusive info found, if you know to be legit, please disregard any related instructions below.

Download Ewido Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need run ewido and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
   • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine ".
6. Under "Reports "
   • Select "Automatically generate report after every scan "
   • Un-Select "Only if threats were found "
   Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
   
   Reboot, into safe mode, this way:
   Turn on the computer
   Immediately begin tapping the <F8> key.
   Use the arrow keys to highlight Safe Mode and press the <Enter> key.
   
   Also, enable the 'Show Hidden Folders' option, like this:
   Click Start.
   Open My Computer.
   Select the Tools menu and click Folder Options.
   Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
   Uncheck the Hide protected operating system files (recommended) option.
   Click Yes to confirm.
   Click OK.
   
   IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
7. Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
8. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan ".
9. ewido will now begin the scanning process, be patient this may take a little time.
   Once the scan is complete do the following:
10. If you have any infections you will prompted, then select "Apply all actions "
11. Next select the "Reports" icon at the top.
12. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

Run Hijackthis and look over the following entries I have listed(if present), check the boxes next to them and press the "Fix Checked" button with HijackThis. When you are doing this, make sure you have No IE windows, or other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

R3 - Default URLSearchHook is missing


O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: Cole2k Media Toolbar Helper - {08825191-C3C7-44e9-8CA6-07AB521FA8F2} - C:\Program Files\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll

O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Program Files\LinkOptimizer\LinkOptimizer.dll

O3 - Toolbar: Cole2k Media Toolbar - {015407A9-D183-4379-8452-DFD7C2297902} - C:\Program Files\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll


O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sbnc1.exe] C:\WINDOWS\TEMP\sbnc1.exe

O4 - HKLM\..\Run: [dmoaclee] C:\WINDOWS\System32\dmoaclee.exe

O4 - HKCU\..\Run: [dmoaclee] C:\WINDOWS\System32\dmoaclee.exe


O21 - SSODL: IEFilter - {ADAEA363-2447-4593-9475-967DD916004F} - C:\WINDOWS\system32\IEFilter.dll (file missing)

Search for, and delete, if found, the following files/folders:
C:\Program Files\Cole2k Media Toolbar<<<<---this folder
C:\Program Files\LinkOptimizer<<<<---this folder
C:\WINDOWS\TEMP<<<entire contents of this folder
C:\WINDOWS\system32\IEFilter.dll <<<--this file
C:\WINDOWS\System32\dmoaclee.exe<<<--this file

Reboot into Normal mode and post a new HJT log along with the Ewido log back into this thread please.

 

New logs as requested

Sorry I'm a bit slow in responding, hard to get organised

Ewido log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:03:16 PM 19/08/2006

+ Scan result:



C:\Program Files\LinkOptimizer\LinkOptimizer.dll -> Adware.LinkOptimizer : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\81880.exe -> Downloader.Murlo.da : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winbwok.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\wineerm.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winesipt.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winfsfokq.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winhpiara.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winiabhxd.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winicywk.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\wininkgp.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\wininuk.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winjhdnl.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winkyfwtk.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winlywx.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winmsnc.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winotdfay.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winqvge.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winscfdc.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winseqivw.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\wintvvi.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winukcv.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winurdpcl.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winvnkql.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winwkgpqb.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Local Settings\Temp\winxhnbt.exe -> Proxy.Agent.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Cookies\shadow@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Cookies\shadow@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Cookies\shadow@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Cookies\shadow@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Cookies\shadow@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Cookies\shadow@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\shadow\Cookies\shadow@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sgahevyq.exe -> Trojan.Zapchast.ar : Cleaned with backup (quarantined).


::Report end

Hijack Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:39:46 PM, on 19/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\HJT\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: InCD Helper (read only) (InCDsrvR) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

Very good, the log looks clear, but it also looks as tho it was produced in safe mode, can we please get a log file in normal mode and let me know if you're experiencing any odd behavior.

 

Hijack log as requested

Hijack log in normal mode as requested. Computer is apparently back to normal and behaving itself. On the assumption that all is ok, thanks again

Logfile of HijackThis v1.99.1
Scan saved at 5:20:36 PM, on 20/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: InCD Helper (read only) (InCDsrvR) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

OK, guess it's just a machine without much running on it, all is good, time to get updated at MSWU.


One thing of Vital Importance, I notice your OS/IE is not properly updated, please go to the Windows Update page, and load up all 'Critical Updates'. As this will ensure your IE is as protected as is possible. Follow this link:
Windows Update Page

We have 3 more things to do, to help ensure you have removed all the little 'leftovers' which may be hiding:

Empty the TIF (Temporary Internet Files)
Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
The app below will help with temp files.
Index.dat Suite

Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

This would also be a good time to set a new system restore point for your machine.
Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion.

Here is a link which describes how security apps work with WIN XP machines.
XP User Accts Security Apps Operation

To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good the fight against ad/mal/spyware as AdAware & Spybot S&D:

SpywareBlaster
With SpywareBlaster v3.5.1 , just DL, install and check for updates, enable Internet Explorer protection, and your done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

To avoid known malware infested sites from loading in IE install IESPY ADS.
And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

And to prevent unknown applications from being inserted to start up on your machine install WinPatrol v10.0.1.

Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

Links for tutorials for all the apps I mentioned can be found on my site as well.

Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
Calendar of Updates

Subscribe to update alerts for all the above security apps here.

You can also see my own ongoing security testing with all the above apps proving how securely you can safe with them installed.
TeMerc Test Box Forum

Happy surfing!!
Tom

Due to resolution this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.