Spyware.RealSpy & Limewire
-
Tonight, I ran Netscape's full scan and it found 2 "problems" that it removed - Spyware.RealSpy (said this is spyware) and Limewire (with the notation 'P2P' - I don't know what that means right now, but I'll find out).
I googled both and could get no definitive information. I know y'all can help.
Even though it said it's been removed, should I be concerned? (I wasn't concerned enough in the past about things later coming back to bite me in the butt! Wanna be extra careful now!)
I'm sending my HiJackThis log just in case and am anxious to hear back from someone. I'm a little afraid to keep using this PC until then.
Logfile of HijackThis v1.99.1
Scan saved at 9:35:13 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Prevx Pro\SAGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Prevx Pro\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Netscape\NETSCA~1\netscape.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\HP_Administrator\My Documents\Unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/ser...ty&version=8.3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PrevxPro] "C:\Program Files\Prevx Pro\SAGUI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136904502010
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} - http://pictures.aolcdn.com/ap/Resour...s.10.1.0.0.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Pro\PXAgent.exe" -f (file missing)
-
Okay, just found out that P2P is peer-to-peer file sharing. That really upsets and worries me! I do NOT know where this file could have come from! I have not downloaded anything lately and have all of the security y'all suggested/advised in place! This is really freaky! Where did I pick it up at? I will stay away. The only things I've done today are edit my site on Bravenet.com and attempt to log in to Commission Junction (cj.com) - oddly, I kept getting booted back out of it although I was able to log in. Then when I tried to turn the page (clicking next) I was getting booted out and asked to log in again! Could all of this be related? I HAVE been noticing problems today - just a bunch of seemingly insignificant stuff that probably IS more significant than I thought!
-
Welcome to DAL,
It appears you have two anti-virus programs running, which is not a good idea; please uninstall one of them.
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Please download, install, and update the NEW free version of Ewido trojan scanner:
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"):
Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Post the log Ewido makes back here please and a new hijackthis log. Thanks.
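Neal's first observation (two anti-virus programs running) is read straight off the "Running processes" block of the HijackThis log. As an added example that is not part of this thread and not HijackThis's own code, the Python script below parses a constructed excerpt of the log above into process paths and numbered entries, names the security products found among the running processes using an assumed path-fragment lookup (PRODUCT_HINTS), and lists entries marked "(file missing)", which are leftover registrations whose target file no longer exists.

```python
import re
from typing import List, Set, Tuple

# Constructed excerpt of the HijackThis v1.99.1 log posted in the thread
# (same line formats, trimmed to a handful of entries).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Prevx Pro\SAGUI.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Pro\PXAgent.exe" -f (file missing)
"""

# Hypothetical lookup: lower-cased path fragments that identify a security product.
PRODUCT_HINTS = {"avast4": "avast!", "prevx": "Prevx",
                 "spywareguard": "SpywareGuard", "winpatrol": "WinPatrol"}

# HijackThis entries look like "O23 - Service: ..." (section code, dash, body).
ENTRY_RE = re.compile(r"^([RFONT]\d+) - (.*)$")


def parse_log(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split a HijackThis log into running-process paths and (section, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True          # process paths follow until the first entry
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def security_products(processes: List[str]) -> Set[str]:
    """Name every security product that has a process running (per PRODUCT_HINTS)."""
    found = set()
    for path in processes:
        low = path.lower()
        found.update(name for hint, name in PRODUCT_HINTS.items() if hint in low)
    return found


def missing_files(entries: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Entries whose referenced file no longer exists: stale registrations to clean up."""
    return [(sec, body) for sec, body in entries if body.endswith("(file missing)")]


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    print("security products running:", sorted(security_products(procs)))
    for sec, body in missing_files(ents):
        print(f"{sec} stale entry: {body}")
```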
-
Hi Neal - First things first - What 2 anti-virus programs??? I didn't know I had any other than Avast - what else is there?
Secondly, is the "ewido" you want me to download different from the other one you had me download? I'm confused! If I'm not mistaken, I ran the ewido scan a few days ago and yes, I remember it took QUITE a while to run! I had run the quick scan earlier today. I've got too much going on here and I'm a little lost!
-
Here's the uninstall list to start with...
I'm still not sure of the "2nd" anti-virus - which is it?
Acronis True Image
Ad-Aware SE Personal
Adobe Reader 7.0.5
ATI Control Panel
ATI Display Driver
avast! Antivirus
Bug Doctor 3.0.3.8
CCleaner (remove only)
Data Fax SoftModem with SmartCP
Diskeeper Lite
ePrompter
ewido anti-malware
FastStone Photo Resizer 1.4
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
HP Boot Optimizer
HP Deskjet 5400 series
HP Extended Capabilities 5.0
HP Image Zone 4.7
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Multimedia Keyboard Software
HP PSC & OfficeJet 4.7
HP Software Update
InterVideo WinDVD Player
IrfanView (remove only)
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Plus! Digital Media Edition Installer
MP3Rocket
muvee autoProducer 4.0
Netscape Browser (remove only)
Pop-Up Stopper Free Edition
Prevx Pro 2005
PS2
QuickTime
RealPlayer
RegBlock
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
Windows Backup Utility
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB912067
WinPatrol
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Toolbar
-
I wanted you to see this also. Just ran Ad-Aware: Found 10 Critical objects! How do these things still manage to get through? And it seems as though I have had this same crop of spyware before - how'd they get through again!? There's just got to be a way to block these creeps!
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_administrator@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Cookies\hp_administrator@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_administrator@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Cookies\hp_administrator@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_administrator@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Cookies\hp_administrator@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_administrator@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Cookies\hp_administrator@casalemedia[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_administrator@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Cookies\hp_administrator@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_administrator@edge.ru4[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Cookies\hp_administrator@edge.ru4[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_administrator@mercury.bravenet[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Cookies\hp_administrator@mercury.bravenet[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_administrator@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Cookies\hp_administrator@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_administrator@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Cookies\hp_administrator@tribalfusion[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_administrator@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Cookies\hp_administrator@zedo[2].txt
Disk Scan Result for C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
-
Hi,
If you already have Ewido, run that; just check for updates first and post the log.
Anti-virus programs:
C:\Program Files\Prevx Pro\SAGUI.exe --- from Add/Remove Programs: Prevx Pro 2005
Cookies are an everyday part of life on the internet and nothing to worry about; just keep running Ad-Aware SE or CCleaner and they will go away until the next time you are on the internet.
-
Hi Neal - I have a little problem. My free version of ewido has expired. Is there anything else I can/should do? I am currently running a full scan using Avast, but they don't have a log, do they?
??????
-
Also a few minutes ago Avast popped up telling me it had caught a "Win32" trojan! I suppose it handled it - I don't know! I need your help!
-