 Spy Sheriff Infected My PC...Please Help, Need your help to shoot the sheriff down |
Forum Rules
Greetings,
Before you post in this forum,please read and follow the instructions in this post: Guidelines for Posting in This Forum
Failure to follow these instructions will only result in delays of the cleaning and removal process.
If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.
Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.
Thank You
  |
  Dec 16 2005, 09:24 AM
Post
#1
|
|
|
Active Member  Group: Active Members Posts: 21 Joined: 16-December 05 Member No.: 17206  |
Hello, can someone please help me.
I have some spyware or adware on my home pc. It is calling itself Spy Sheriff and it has also changed my desktop background image so that it looked like an error message: SYSTEM STOPPED System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed. Since seeing the above message on my desktop, I have used my Norton and McAfee to do a clean on it but it is still there. It removed 2 out of the 5 infected files but it cannot remove: C://winstall.exe C://windows/system32/vxh8jkdq6.exe C://windows/system32/vxh8jkdq2.exe I have also tried to go task manager but no matter which way I try a message comes on screen saving that my administrator has blocked my access to this. Also I have tried to go to “Add/ Remove Programs” but it is not there. I have tried to get rid of something called winstall but it doesn’t go. This Spy Sheriff is not even letting me connect to the internet. I am using my wireless connection on my laptop to send this to anyone who can help me please. Thank You |
 |
|
|
Dec 16 2005, 02:22 PM
Post
#2
|
|
|
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164 |
You'll have to download and then copy some utilities to either floppy or CD, then take them to the problem computer and copy them to that system.
Post a hijackthis log please. Download and then extract Hijackthis.exe to a new folder. Do not run it from the zip the desktop or a temp folder. Here's a link: http://www.merijn.org/files/hijackthis.zip Do not remove anything using HijackThis. Save the log and then copy and paste the contents into your next reply here in this same topic. It lists many types of entries. Some are good, and others need to be removed. We will help you sort it out. ----------------- Copy these instructions to notepad and save them to your desktop for easy reference. You will be restarting into Safe mode later. Here's help if you need it. To use the F8 key to start Windows XP in Safe mode Restart the computer. Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening. As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again. Using the arrow keys on the keyboard, select Safe mode and then press Enter. ------ Download smitrem.zip Save the file to your desktop. Double click on smitRem.exe to extract the files it contains. This will create a folder named smitrem on your desktop. We'll use it later. ------------ Download CCleaner. http://www.filehippo.com/download_ccleaner.html Install CCleaner Launch CCleaner and look in the upper right corner and click on the "Options" button. Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours". Click OK Do not run CCleaner yet. You will run it later in safe mode. Download the trial version of Ewido Security Suite: http://www.ewido.net/en/download/ Install ewido. During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Launch ewido It will prompt you to update click the OK button and it will go to the main screen On the left side of the main screen click update Click on Start and let it update. DO NOT run a scan yet. You will do that later in safe mode. -------------------------- Restart into Safe Mode. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. Run Ewido: Click on scanner Click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK When the scan is finished, look at the bottom of the screen and click the Save report button. Save the report to your desktop Start Ccleaner and click Run Cleaner Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK. Go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar.If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK. Restart back into regular windows. Go for a free online Virus scan here: http://www.pandasoftware.com/activescan/ Allow it to clean Panda will have the option to create a log afer the scan has finished. Click the See Report button. Then click the save Report button. It will be saved under the name activescan.txt Do that and post that log into your next reply here. Post a new HiJackThis log along with the results from ActiveScan and the ewido scan Open C:\smitfiles.txt and post the contents of that file |
|
|
|
|
Dec 17 2005, 03:06 PM
Post
#3
|
|
|
Active Member Group: Active Members Posts: 21 Joined: 16-December 05 Member No.: 17206 |
^^^^^^
Mosaic1, Many thanks for your response and detailed instructions thus far.....it is appreciated! Please find below the log as you requested. Logfile of HijackThis v1.99.1 Scan saved at 12:04:41, on 16/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\Explorer.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\System32\pupxpman.exe C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe C:\Program Files\PcBoost\PcBoost.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\McAfee\QuickClean\Plguni.exe C:\WINDOWS\system32\kernels64.exe C:\Program Files\Multimedia Combo Set\MouseDrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\WINDOWS\system32\DllHost.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\BUFFALO\HDManage\HDManage.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\WINDOWS\system32\vxh8jkdq2.exe C:\WINDOWS\system32\vxh8jkdq5.exe C:\WINDOWS\system32\vxh8jkdq6.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/software/ie401/search.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=221.186.138.132:80 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file) O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [WinGet.exe] C:\Program Files\Indentix\WinGet\WinGet.exe /silent O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...vp/content.html O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.maitreya.org/JAVA/To_See_Applets/msjavx86.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/providers...yer/awswaxf.cab O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/toolbars/bundl...ezt-toolbar.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all02.1and1.co.uk/app/static/activex/msxml4.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PC O17 - HKLM\Software\..\Telephony: DomainName = PC O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PC O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
|
|
|
|
Dec 17 2005, 09:32 PM
Post
#4
|
|
|
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164 |
This looks odd unless you know it belongs, run hijackthis and select these items. Press the fix checked button. If indoublt. leave the entries there for now.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PC O17 - HKLM\Software\..\Telephony: DomainName = PC O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PC ----------------- Copy the contents of the code box to notepad. Name the file task.reg Save as type: All files CODE REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr" = - ----- Download Pocket Killbox here http://www.downloads.subratam.org/KillBox.exe Run Killbox.exe by double clicking on it. Select Delete on Reboot. Select End Explorer Shell while deleting file. Copy this entire list to the clipboard. C:\WINDOWS\system32\kernels64.exe C:\winstall.exe C:\WINDOWS\system32\vxh8jkdq2.exe C:\WINDOWS\system32\vxh8jkdq5.exe C:\WINDOWS\system32\vxh8jkdq6.exe (Highlight the list. Press CTRL + C) In the Killbox, Go to the toolbar to File> Paste from clipboard. Click Paste from Clipboard. All of the files you pasted in might not show up on the list in Killbox. That's normal. Some may not be present and so will not be listed. Go ahead to the next step. Click the red icon with the white X at the upper right. You will be prompted to restart. Say yes and exit. ------------- Restart into Safe mode. Go right to Start >Run and type hijackthis Press enter. Select these items. Press the fix checked button: F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...vp/content.html O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/toolbars/bundl...ezt-toolbar.cab O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) --------------------------- Double click on task.reg and say yes to the prompt. Restart into regular Windows. Can you get on the internet now? ------------- I'd like to see another hijackthis log. Also: Download Autoruns from this page: http://www.sysinternals.com/Utilities/Autoruns.html Unzip to a folder and the double click on autoruns.exe Wait until the program has finished running (the status line will show 'Ready') Under the 'Options' menu, make sure that 'Include Empty Sections' is checked. Wait again until ready. Be sure the 'Everything' tab is selected. Select 'File -> Save' and save the output file. Copy the contents of the Autoruns text file and post its contents in your next reply here. |
|
|
|
|
Dec 18 2005, 01:39 PM
Post
#5
|
|
|
Active Member Group: Active Members Posts: 21 Joined: 16-December 05 Member No.: 17206 |
^^^^^^
Mosaic 1.... hope alls well! I have tried to follow your instructions....but everytime I try to restart in safe mode, these are the options that I am given: After tapping F8 at Restart: Select First Boot Device Floppy: 1.44MB 3.5 IDE-O: Samsung SV0602H CD ROM: LITE-ON DVD RW SOHW-1673S : NETWORK NETWORK: I remember going into safe mode several months ago...and do not remember seeing this message...so im not sure if im doing something wrong (tried to go into safe mode several times and the same box appears everytime) or whether this virus is worse than I first imagined hope to hear from you thanks in advance |
|
|
|
|
Dec 18 2005, 01:59 PM
Post
#6
|
|
|
Active Member Group: Active Members Posts: 21 Joined: 16-December 05 Member No.: 17206 |
^^^^
Please ignore the above, was able to access it by tapping F5 instead.... only 1 problem, in that i cannot access the net, so cannot update the definitions of the EWIDO SECURITY SUITE. I have carried out the step before this...( Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.) So....what should I do next? many thanks in advance this pc virus is beginning to effect my brain...LOL This post has been edited by mackiecross: Dec 18 2005, 02:27 PM |
|
|
|
|
Dec 18 2005, 04:52 PM
Post
#7
|
|
|
Active Member Group: Active Members Posts: 21 Joined: 16-December 05 Member No.: 17206 |
Mosaic1,
I have carried out all your instructions upto the point where you have askes me to go online to www.pandasoftware.com and carry out a virus scan. unfortnately im not able to do this as the PC is still not letting me log on the web, keep getting the error page. However, here is the scan report from EWIDO: --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 16:15:48, 18/12/2005 + Report-Checksum: 79895740 + Scan result: HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{88C51E90-8E9C-4C96-8A45-574D88B63FAF} -> Dialer.Generic : Cleaned with backup HKU\S-1-5-21-1647371527-1465058494-1690550294-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup HKU\S-1-5-21-1647371527-1465058494-1690550294-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3023AF97-870E-476A-B30E-3923DF2B84BD} -> Spyware.EZtracks : Cleaned with backup HKU\S-1-5-21-1647371527-1465058494-1690550294-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CE93AE-4987-483C-9ABE-F2BD5301AB70} -> Spyware.KeenValue : Cleaned with backup HKU\S-1-5-21-1647371527-1465058494-1690550294-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup HKU\S-1-5-21-1647371527-1465058494-1690550294-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup [1020] C:\WINDOWS\system32\vxh8jkdq2.exe -> Hijacker.Spywad.l : Cleaned with backup [1036] C:\WINDOWS\system32\vxh8jkdq5.exe -> Downloader.Small.axn : Cleaned with backup [1048] C:\WINDOWS\system32\vxh8jkdq6.exe -> Downloader.Small.atl : Cleaned with backup :mozilla.6:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.7:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.9:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.10:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.14:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup :mozilla.15:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup :mozilla.19:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.20:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.32:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.34:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.35:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.36:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.37:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.48:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.49:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup :mozilla.50:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.51:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.52:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.53:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.54:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.55:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.56:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup :mozilla.63:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup :mozilla.67:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.84:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup :mozilla.85:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup :mozilla.86:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup :mozilla.87:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup :mozilla.88:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup :mozilla.89:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup :mozilla.90:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.91:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.92:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.93:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.139:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.146:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.147:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.148:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.149:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.150:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.151:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.152:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.153:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.154:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.155:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.156:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup :mozilla.169:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.170:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.171:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.172:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.173:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.174:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.175:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.176:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup :mozilla.177:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.178:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.179:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.180:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.181:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.187:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.218:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.219:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.220:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.221:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.225:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup :mozilla.231:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup :mozilla.243:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup :mozilla.244:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup :mozilla.246:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup :mozilla.247:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup :mozilla.248:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup :mozilla.249:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup :mozilla.257:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup :mozilla.263:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup :mozilla.264:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup :mozilla.265:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.306:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup :mozilla.309:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.310:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.311:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.312:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.313:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.314:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.315:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.316:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.317:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.318:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.319:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.320:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.321:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.322:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.323:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.324:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.325:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.326:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.327:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.328:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.329:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.330:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.331:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.332:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.333:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.334:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.335:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.336:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.357:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.358:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.359:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.360:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.362:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.367:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.368:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.369:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.370:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.371:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.372:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.373:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.374:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.421:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.422:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.434:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup :mozilla.466:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.467:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.470:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.471:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.472:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup :mozilla.491:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.539:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.558:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup :mozilla.559:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup :mozilla.560:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup :mozilla.561:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup :mozilla.564:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.565:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.566:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.567:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup :mozilla.574:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.577:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.578:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.579:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup :mozilla.581:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup :mozilla.588:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.589:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.590:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.591:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.610:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup :mozilla.611:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.612:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.616:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.636:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup :mozilla.651:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.652:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup :mozilla.658:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.659:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.660:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.662:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.663:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.664:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.665:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.666:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.667:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.668:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.669:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.670:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.685:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.686:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.687:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.688:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup :mozilla.697:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup :mozilla.727:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.734:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup :mozilla.735:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup :mozilla.741:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup :mozilla.766:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup :mozilla.770:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup :mozilla.783:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.784:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.788:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.789:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.801:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.802:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.803:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.804:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.805:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.817:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.818:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.821:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.822:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.823:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.825:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.828:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup :mozilla.829:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.832:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.833:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.834:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.850:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.851:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.852:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.853:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.863:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup :mozilla.864:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup :mozilla.865:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.866:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.867:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.868:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.878:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.879:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.887:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.888:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.889:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.890:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.891:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.892:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.893:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.894:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.895:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.896:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.897:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.898:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.899:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.915:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup :mozilla.917:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup :mozilla.918:C:\Documents and Settings\Ali\Application Data\Mozilla\Firefox\Profiles\e73s222s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup C:\WINDOWS\autoload.exe -> Not-A-Virus.Tool.Autoloader : Cleaned with backup C:\WINDOWS\system\svchost.dll -> Downloader.Agent.zi : Cleaned with backup C:\WINDOWS\system\svchost.exe -> Dropper.Agent.aax : Cleaned with backup C:\WINDOWS\system\svwhost.exe -> Backdoor.Agent.px : Cleaned with backup C:\WINDOWS\system32\vxgamet2.exe -> Downloader.Small.bxc : Cleaned with backup C:\WINDOWS\system32\vxgamet4.exe -> Downloader.Small.bpz : Cleaned with backup C:\WINDOWS\system32\vxh8jkdq2.exe -> Hijacker.Spywad.l : Cleaned with backup C:\WINDOWS\system32\vxh8jkdq5.exe -> Downloader.Small.axn : Cleaned with backup C:\WINDOWS\system32\vxh8jkdq6.exe -> Downloader.Small.atl : Cleaned with backup ::Report End This post has been edited by mackiecross: Dec 18 2005, 04:58 PM |
|
|
|
|
Dec 18 2005, 04:54 PM
Post
#8
|
|
|
Active Member Group: Active Members Posts: 21 Joined: 16-December 05 Member No.: 17206 |
______________________________________________________________________
AND TO ADD, here's another HJT report: Logfile of HijackThis v1.99.1 Scan saved at 16:37:20, on 18/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\pupxpman.exe C:\WINDOWS\system32\kernels64.exe C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe C:\Program Files\PcBoost\PcBoost.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\McAfee\QuickClean\Plguni.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Multimedia Combo Set\MouseDrv.exe C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\BUFFALO\HDManage\HDManage.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=221.186.138.132:80 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file) O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [WinGet.exe] C:\Program Files\Indentix\WinGet\WinGet.exe /silent O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...vp/content.html O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.maitreya.org/JAVA/To_See_Applets/msjavx86.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/providers...yer/awswaxf.cab O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/toolbars/bundl...ezt-toolbar.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all02.1and1.co.uk/app/static/activex/msxml4.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PC O17 - HKLM\Software\..\Telephony: DomainName = PC O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PC O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ___________________________________________________________________ also when i restarted in normal mode, on startup SpySweeper detects the following 3 programmes that start when windows starts. STARTUP ITEM: system tools PRODUCT NAME: is not provided COMPANY NAME: is not provided COPYRIGHT INFORMATION: is not provided LOCATION: C:\windows\system32\kernels64.exe REGISTRY OR STARTUP FOLDER: HKLM:Run Services _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ STARTUP ITEM: system PRODUCT NAME: is not provided COMPANY NAME: is not provided COPYRIGHT INFORMATION: is not provided LOCATION: C:\windows\system32\kernels64.exe REGISTRY OR STARTUP FOLDER: HKLM:Run _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ STARTUP ITEM: winstall PRODUCT NAME: is not provided COMPANY NAME: is not provided COPYRIGHT INFORMATION: is not provided LOCATION: C:\winstall REGISTRY OR STARTUP FOLDER: Run I know winstall is most definetly part of the problem, but am not sure of the other 2, but to be on the safe side i have denied all 3 programs to run on startup....until i hear differently from you. best regards thanking you in anticipation.... |
|
|
|
|
Dec 18 2005, 10:51 PM
Post
#9
|
|
|
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164 |
Copy the contents of the code box to Notepd.
Name the file bye.bat Save as Type: All files Double click on bye.bat CODE reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoRestartShell /t REG_DWORD /d 0 /f tskill kernels64 attrib -s -h -r C:\windows\system32\kernels64.exe del C:\windows\system32\kernels64.exe attrib -s -h -r C:\winstall.exe del C:\winstall.exe Start Hijackthis reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoRestartShell /t REG_DWORD /d 1 /f When bye.bat has finished running, it will start Hijackthis. Select the following and press the fix checked button: F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file) O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/toolbars/bundl...ezt-toolbar.cab ------------------ Restart the computer (If Spysweeper asks if you want to accept the changes you made, allow them) and run hijackthis again. Post the new log here. Post a startuplist too please. In Hijackthis press the Config Button Click Misc Tools Check both boxes next to the Generate StartupList log and then click the generate startuplist log button. Paste the contents into your next reply here. Did you get any messages from Spywsweeper at startup? --------------- Also you are runing two firewalls and two AV's in ths background. This can cause conflicts and system problems. You need to decide which to run all the time, Either run Norton or McAfee. But not Both! Does CTRL + ALT + DEL now work? Does the internet Work? |
|
|
|
|
Dec 18 2005, 10:52 PM
Post
#10
|
|
|
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164 |
Here's a page where you can download the updates for Ewido and install manually:
http://www.ewido.net/en/download/updates/ |
|
|
|
|
Dec 19 2005, 11:12 AM
Post
#11
|
|
|
Active Member Group: Active Members Posts: 21 Joined: 16-December 05 Member No.: 17206 |
Mosaic1,
Many thanks again.... Please find below the Hijack Log after carrying out your instructions from yesterday. Logfile of HijackThis v1.99.1 Scan saved at 10:33:37, on 19/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\pupxpman.exe C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe C:\Program Files\PcBoost\PcBoost.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\McAfee\QuickClean\Plguni.exe C:\Program Files\Multimedia Combo Set\MouseDrv.exe C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\BUFFALO\HDManage\HDManage.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=221.186.138.132:80 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [WinGet.exe] C:\Program Files\Indentix\WinGet\WinGet.exe /silent O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...vp/content.html O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.maitreya.org/JAVA/To_See_Applets/msjavx86.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/providers...yer/awswaxf.cab O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all02.1and1.co.uk/app/static/activex/msxml4.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PC O17 - HKLM\Software\..\Telephony: DomainName = PC O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PC O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing) O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
|
|
|
|
Dec 19 2005, 11:14 AM
Post
#12
|
|
|
Active Member Group: Active Members Posts: 21 Joined: 16-December 05 Member No.: 17206 |
Please find below the START-UP LIST as requested:
StartupList report, 19/12/2005, 10:35:59 StartupList version: 1.52.2 Started from : C:\HJT\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\pupxpman.exe C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe C:\Program Files\PcBoost\PcBoost.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\McAfee\QuickClean\Plguni.exe C:\Program Files\Multimedia Combo Set\MouseDrv.exe C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\BUFFALO\HDManage\HDManage.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Messenger\msmsgs.exe C:\HJT\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Ali\Start Menu\Programs\Startup] BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage.exe Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe hp psc 1000 series.lnk = ? hpoddt01.exe.lnk = ? Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run mspwr = C:\WINDOWS\System32\pupxpman.exe McAfee Guardian = "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU PcBoost = "C:\Program Files\PcBoost\PcBoost.exe" /start SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer Imonitor = "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe SSBkgdUpdate = C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot WireLessMouse = C:\Program Files\Multimedia Combo Set\MouseDrv.exe WireLessKeyboard = C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR WinGet.exe = C:\Program Files\Indentix\WinGet\WinGet.exe /silent -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{68498E36-E7C3-11D4-8D77-00A024534F21}TBC728] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{4b218e3e-bc98-4770-93d3-2731b9329278}] * StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{8b15971b-5355-4c82-8c07-7e181ea07608}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Registry Editor' Registry check passed -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} -------------------------------------------------- Enumerating Task Scheduler jobs: FRU Task #Hewlett-Packard#hp psc 1200 series#1106131413.job Norton AntiVirus - Scan my computer - Ali.job Symantec NetDetect.job -------------------------------------------------- Enumerating Download Program Files: [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [{00000055-9980-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/fhg.CAB [{00000161-0000-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/msaudio.cab [Microsoft Office Template and Media Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab [QuickTime Object] InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab [{03F998B2-0E00-11D3-A498-00104B6EB52E}] CODEBASE = https://components.viewpoint.com/MTSInstall...vp/content.html [Microsoft VM] CODEBASE = http://www.maitreya.org/JAVA/To_See_Applets/msjavx86.exe [PCPitstop Utility] InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPitstop.dll CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB [Macromedia Authorware Web Player Control] InProcServer32 = C:\WINDOWS\system32\macromed\authorwa\awswax.ocx CODEBASE = http://courses.learndirect.co.uk/providers...yer/awswaxf.cab [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab [iCC Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll CODEBASE = http://www.pcpitstop.com/internet/pcpConnCheck.cab [{3334504D-0000-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab [{33363249-0000-0010-8000-00AA00389B71}] CODEBASE = http://codecs.microsoft.com/codecs/i386/i263_32.cab [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB [EPUImageControl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll CODEBASE = http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab [MSN Photo Upload Tool] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll CODEBASE = http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab [McUpdatePortalFactory Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\McUpdatePortal.dll CODEBASE = https://mysupport.nai.com/amiuptodate/bin/1...pdatePortal.cab [XML DOM Document 4.0] InProcServer32 = %SystemRoot%\system32\msxml4.dll CODEBASE = http://cm4all02.1and1.co.uk/app/static/activex/msxml4.cab [Java Plug-in 1.5.0_04] InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [MsnMessengerSetupDownloadControl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx CODEBASE = http://messenger.msn.com/download/MsnMesse...pDownloader.cab [Java Plug-in 1.4.2] InProcServer32 = C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab [Java Plug-in 1.5.0_02] InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.5.0_04] InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [PB_Uploader Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\uploader.ocx CODEBASE = http://static.photobox.co.uk/sg/common/uploader.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx CODEBASE = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab [Hotmail Attachments Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx CODEBASE = http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx [MSN Chat Control 4.5] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab [DiskHealth2 Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\DiskFAU.dll CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\System32\CSLSP.DLL Protocol #2: C:\WINDOWS\System32\CSLSP.DLL Protocol #3: C:\WINDOWS\System32\CSLSP.DLL Protocol #4: C:\WINDOWS\System32\CSLSP.DLL Protocol #5: C:\WINDOWS\System32\CSLSP.DLL Protocol #6: C:\WINDOWS\System32\CSLSP.DLL Protocol #7: C:\WINDOWS\System32\CSLSP.DLL Protocol #8: C:\WINDOWS\System32\CSLSP.DLL Protocol #9: C:\WINDOWS\System32\CSLSP.DLL Protocol #10: C:\WINDOWS\System32\CSLSP.DLL Protocol #11: C:\WINDOWS\System32\CSLSP.DLL Protocol #12: C:\WINDOWS\System32\CSLSP.DLL Protocol #13: C:\WINDOWS\System32\CSLSP.DLL Protocol #14: C:\WINDOWS\System32\CSLSP.DLL Protocol #15: C:\WINDOWS\System32\CSLSP.DLL Protocol #16: C:\WINDOWS\System32\CSLSP.DLL Protocol #17: C:\WINDOWS\System32\CSLSP.DLL Protocol #18: C:\WINDOWS\System32\CSLSP.DLL Protocol #19: C:\WINDOWS\System32\CSLSP.DLL Protocol #20: C:\WINDOWS\System32\CSLSP.DLL Protocol #21: C:\WINDOWS\System32\CSLSP.DLL Protocol #22: C:\WINDOWS\system32\mswsock.dll Protocol #23: C:\WINDOWS\system32\mswsock.dll Protocol #24: C:\WINDOWS\system32\mswsock.dll Protocol #25: C:\WINDOWS\system32\rsvpsp.dll Protocol #26: C:\WINDOWS\system32\rsvpsp.dll Protocol #27: C:\WINDOWS\system32\mswsock.dll Protocol #28: C:\WINDOWS\system32\mswsock.dll Protocol #29: C:\WINDOWS\system32\mswsock.dll Protocol #30: C:\WINDOWS\system32\mswsock.dll Protocol #31: C:\WINDOWS\system32\mswsock.dll Protocol #32: C:\WINDOWS\system32\mswsock.dll Protocol #33: C:\WINDOWS\system32\mswsock.dll Protocol #34: C:\WINDOWS\system32\mswsock.dll Protocol #35: C:\WINDOWS\system32\mswsock.dll Protocol #36: C:\WINDOWS\system32\mswsock.dll Protocol #37: C:\WINDOWS\system32\mswsock.dll Protocol #38: C:\WINDOWS\system32\mswsock.dll Protocol #39: C:\WINDOWS\system32\mswsock.dll Protocol #40: C:\WINDOWS\system32\mswsock.dll Protocol #41: C:\WINDOWS\system32\mswsock.dll Protocol #42: C:\WINDOWS\system32\mswsock.dll Protocol #43: C:\WINDOWS\System32\CSLSP.DLL -------------------------------------------------- Enumerating Windows NT/2000/XP services Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system) Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start) AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system) Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start) Trust Ami PS/2 Port Mouse Driver (2): System32\DRIVERS\Amps2prt.sys (manual start) Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start) Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system) ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start) Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start) Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart) Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start) Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart) CD-ROM Driver: System32\DRIVERS\cdrom.sys (system) Indexing Service: C:\WINDOWS\System32\cisvc.exe (autostart) ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled) COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Dual-Mode DSC(2770): System32\Drivers\SQcaptur.sys (manual start) DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Disk Driver: System32\DRIVERS\disk.sys (system) Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start) DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start) EPSON Printer Status Agent2: C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (autostart) Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Event Log: %SystemRoot%\system32\services.exe (autostart) COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart) Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start) VIA Rhine-Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: System32\DRIVERS\fetnd5.sys (manual start) Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) SEMC DSS-20 SyncStation Serial Converter Driver: system32\drivers\ftdibus.sys (manual start) Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system) Lundinova Filter Driver: system32\drivers\ftlund.sys (manual start) SEMC DSS SyncStation Driver: system32\drivers\ftser2k.sys (manual start) Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start) Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start) Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft Hid to Joystick Port Enabler: System32\DRIVERS\hidgame.sys (manual start) HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start) IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start) Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start) USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system) CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system) IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start) Intel Processor Driver: System32\DRIVERS\intelppm.sys (system) Intel® 536EP V.92 Modem: System32\DRIVERS\Intels51.sys (manual start) IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start) IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start) IPSEC driver: System32\DRIVERS\ipsec.sys (system) IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system) Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system) Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system) Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) McAfee Firewall: "C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (autostart) McAfee Firewall Network Filter Miniport: System32\DRIVERS\fw220.sys (manual start) Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart) Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start) Mouse Class Driver: System32\DRIVERS\mouclass.sys (system) Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start) WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) MSCSPTISRV: C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (manual start) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start) Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start) Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start) NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start) Norton AntiVirus Auto-Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart) NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051207.023\NAVENG.Sys (manual start) NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051207.023\NavEx15.Sys (manual start) Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start) Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start) NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start) Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS Interface: System32\DRIVERS\netbios.sys (system) NetBT: System32\DRIVERS\netbt.sys (system) Network DDE: %SystemRoot%\system32\netdde.exe (disabled) Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled) Net Logon: %SystemRoot%\System32\lsass.exe (manual start) Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Norton AntiVirus Firewall Monitor Service: "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" (autostart) NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start) Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start) PACSPTISVR: C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (manual start) Parallel port driver: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) Plug and Play: %SystemRoot%\system32\services.exe (autostart) Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start) IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart) WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start) Processor Driver: System32\DRIVERS\processr.sys (system) Protected Storage: %SystemRoot%\system32\lsass.exe (autostart) QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start) Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\DRIVERS\PxHelp20.sys (system) Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start) Direct Parallel: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start) Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system) Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start) Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart) SAVRT: \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (manual start) SAVRTPEL: \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (system) SAVScan: "C:\Program Files\Norton AntiVirus\SAVScan.exe" (manual start) ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart) Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start) Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start) Serial port driver: System32\DRIVERS\serial.sys (system) Serial Mouse Driver: System32\DRIVERS\sermouse.sys (manual start) Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (autostart) Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start) SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system) Symantec SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart) Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start) Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart) Sony SPTI Service: C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (manual start) System Restore Filter Driver: System32\DRIVERS\sr.sys (system) System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) SSI: system32\Drivers\SSI.SYS (system) Still Serial Digital Camera Driver: System32\DRIVERS\serscan.sys (manual start) Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart) Software Bus Driver: System32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{56652934-96F4-46BB-9FA3-E98128F3A2A4} (manual start) Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart) SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start) SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start) SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start) SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start) SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20051208.051\symidsco.sys (manual start) symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart) SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start) SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start) SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system) Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start) Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start) Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system) Terminal Device Driver: System32\DRIVERS\termdd.sys (system) Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Microcode Update Driver: System32\DRIVERS\update.sys (manual start) Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start) USB Cable Modem 351000 NDIS Driver: System32\DRIVERS\usbcm.sys (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start) USB Root Hub (usbport): System32\DRIVERS\usbhub.sys (manual start) Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start) USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start) USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start) Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start) VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system) VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system) VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system) ViaIde: System32\DRIVERS\viaidexp.sys (system) VIAPFD: \SystemRoot\System32\Drivers\VIAPFD.SYS (system) VIA AC'97 Audio Controller (WDM): system32\drivers\viaudio.sys (manual start) vsdatant: \??\C:\WINDOWS\System32\vsdatant.sys (manual start) Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start) Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system) Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 42,376 bytes Report generated in 0.250 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only |
|
|
|
|
Dec 19 2005, 11:31 AM
Post
#13
|
|
|
Active Member Group: Active Members Posts: 21 Joined: 16-December 05 Member No.: 17206 |
Unfortunately still not able to connect the web....
Still getting the "The page cannot be displayed" message....with an additional pop-up saying "Internet Explorer could not open the search page". Although at the bottom of the IE window, I keep seeing the message Downloading from site: res//C:\\WINDOWS\system32\shdoclc.dll/dsnerror.htm Also the logo in top right corner of IE (spinning T....think its the deutsche telecom logo...on account of being in Germany with this PC, and having installed their net service)...I remember that this would only happen if the net connection was "live"....so it could be that something is either blocking or redirecting the access to the net?? or at least thats my theory on it :boh: Still not able to access task manager via right clicking on taskbar. Pushing Ctrl+Alt+Del brings up several pop up messages stating "Task manager has been disabled by your administrator" I have manually downloaded the updates for the EWIDO suite....and am running the programme again....and will post its findings again once the scan is complete. This time SpySweeper only found 2 programmes at start up, (as before, minus winstall....which i think is now off the system) and i allowed them to start up. Also, the message I originally had on the desktop as desribed on my first post has gone LOL so im sure we are mos'def' on the right track!! Thanks for all the help thus far..... eagerly await your next instructions |
|
|
|
|
Dec 19 2005, 03:24 PM
Post
#14
|
|
|
Active Member Group: Active Members Posts: 21 Joined: 16-December 05 Member No.: 17206 |
Ran another ewido scan with the updates installed:
--------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 13:17:17, 19/12/2005 + Report-Checksum: BCCF13B8 + Scan result: No infected objects found. ::Report End ________________________________________ Also ran norton, but that also gave the all clear |
|
|
|
|
Dec 19 2005, 04:18 PM
Post
#15
|
|
|
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164 |
That's looking much better. Copy the contents of the code box to notepad.
Name the file task.reg Save as type: All files Double click on task.reg and say yes to the prompt. CODE REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr" = - [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr" = - I'll have a quick look for an answer to your internet problem. But I am going away for the holiday and may not be able to finish this up. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 22nd November 2009 - 01:27 AM |
