
pest trap spyware help :(


keldron


I have a huge problem. I left my house for a week (summer vacation) and my cousin was supposed to look after it. He has a 16-year-old son whom I granted permission to use my PC while I'm gone, and when I got back my PC had so much spyware and adware and god only knows what else that it took me a while to get rid of most of it... At the same time, there is this one thing I can't get rid of for the life of me. From what I gathered, it's some kind of spyware called Pest Trap. I ran Spybot Search and Destroy as well as Ad-Aware, and they seem to detect the problem (I click the "fix the problem" option), but the problem shows up again after I restart my PC.

Here is my HijackThis log (maybe that will help):

Logfile of HijackThis v1.99.1

Scan saved at 11:55:15 AM, on 8/13/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSSystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

c:Program FilesCommon FilesSymantec SharedccSetMgr.exe

c:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSehomeehSched.exe

c:Program FilesNorton AntiVirusnavapsvc.exe

C:WINDOWSSystem32svchost.exe

c:Program FilesNorton AntiVirusSAVScan.exe

C:WINDOWSehomeehtray.exe

C:Program FilesJavaj2re1.4.2_03binjusched.exe

C:windowssystemhpsysdrv.exe

C:WINDOWSehomeehmsas.exe

C:Program FilesHPhpcoretechhpcmpmgr.exe

C:WINDOWSSystem32hphmon05.exe

C:HPKBDKBD.EXE

C:Program FilesCommon FilesRealUpdate_OBrealsched.exe

C:Program FilesCommon FilesSymantec SharedccApp.exe

C:WINDOWSAGRSMMSG.exe

C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe

C:WINDOWSSOUNDMAN.EXE

C:WINDOWSALCWZRD.EXE

C:WINDOWSALCMTR.EXE

C:Program FilesCommon FilesAOL1140144820eeAOLSoftware.exe

C:Program FilesCommon FilesLogitechQCDriver2LVCOMS.EXE

C:Program FilesViewpointViewpoint ManagerViewMgr.exe

C:Program FilesMessengerMSMSGS.EXE

C:WINDOWSSystem32wuauclt.exe

C:Program FilesLogitechImageStudioLowLight.exe

C:Program FilesUpdates from HP137903ProgramBackWeb-137903.exe

C:Documents and SettingsAdministratorjrvkfgvj.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesAdobeAcrobat 7.0ReaderAcroRd32.exe

C:Documents and SettingsAdministratorDesktopdlHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:Program FilesNorton AntiVirusNavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:program fileshpdigital imagingbinhpdtlk02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:Program FilesNorton AntiVirusNavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe

O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_03binjusched.exe

O4 - HKLM..Run: [hpsysdrv] c:windowssystemhpsysdrv.exe

O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"

O4 - HKLM..Run: [HPHUPD05] c:Program FilesHP{45B6180B-DCAB-4093-8EE8-6164457517F0}hphupd05.exe

O4 - HKLM..Run: [HPHmon05] C:WINDOWSSystem32hphmon05.exe

O4 - HKLM..Run: [KBD] C:HPKBDKBD.EXE

O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot

O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRECGUARD.EXE

O4 - HKLM..Run: [ccApp] "c:Program FilesCommon FilesSymantec SharedccApp.exe"

O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe

O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe

O4 - HKLM..Run: [updateManager] "c:Program FilesCommon FilesSonicUpdate Managersgtray.exe" /r

O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..Run: [symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe /Consumer

O4 - HKLM..Run: [sSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe

O4 - HKLM..Run: [HostManager] C:Program FilesCommon FilesAOL1140144820eeAOLSoftware.exe

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"

O4 - HKLM..Run: [LVCOMS] C:Program FilesCommon FilesLogitechQCDriver2LVCOMS.EXE

O4 - HKLM..Run: [LogitechGalleryRepair] C:Program FilesLogitechImageStudioISStart.exe

O4 - HKLM..Run: [LogitechImageStudioTray] C:Program FilesLogitechImageStudioLogiTray.exe

O4 - HKLM..Run: [iPHSend] C:Program FilesCommon FilesAOLIPHSendIPHSend.exe

O4 - HKLM..Run: [ViewMgr] C:Program FilesViewpointViewpoint ManagerViewMgr.exe

O4 - HKLM..Run: [bikini] bikini.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengerMSMSGS.EXE" /background

O4 - HKCU..Run: [RealPlayer] "C:Program FilesRealRealOne Playerrealplay.exe" /RunUPGToolCommandReBoot

O4 - Startup: IMStart.lnk = C:Program FilesInterMuteIMStart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:Program FilesQuickenbagent.exe

O4 - Global Startup: Updates from HP.lnk = C:Program FilesUpdates from HP137903ProgramBackWeb-137903.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_03binnpjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_03binnpjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MI1933~1OFFICE11REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:DOCUME~1ADMINI~1LOCALS~1TempThereInstallHelper.dll

O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:Program FilesThereThereClientThereVoiceTrainer.dll

O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:Program FilesThereThereClientThereLauncher.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:Program FilesNorton AntiVirusnavapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - c:Program FilesNorton AntiVirusSAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe

Any help regarding that matter would be greatly appreciated :)

Thank you. Sincerely, Keldron :)
