Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Very Slow Computer - Different PC This Time
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 07-25-2006, 04:00 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: XP Home


Very Slow Computer - Different PC This Time
I'm now on my Windows 2000 SP4 System, and it's incredibly slow, taking about 20 minutes just to boot up, and 2-5 minutes to load anything from a browser to a program. I've done all the steps in the thread what to do before posting a HJT log, and it's helped a bit, my pc is a little bit faster now, it found a few viruses and spyware.

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:56:55 PM, on 7/25/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\Media\sys\system\config\WinMedia.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINNT\system32\hphmon04.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\iolo\SYSTEM~2\SysMech6.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\mangemeer\Application Data\Mozilla\Profiles\default\rjffrnfg.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: csrss.lnk = ?
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: =>&Français - http:\\wordreference.com\fr\j\iefr119.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mangemeer\Start Menu\Programs\IMVU2\Run IMVU.lnk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153597593509
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://oweb.peelschools.org/jinitiator/jinit.exe
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/Eng...o%20French.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7BA95A0-6526-4FE4-AEE5-4044C68238F9}: Domain = enersource.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sympatico.ca
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\NETASS~1\SMARTB~1\SBHookSvc.exe
O23 - Service: Win-Media Service (wmedia) - Unknown owner - c:\Media\sys\system\config\WinMedia.exe

Thanks in advance.
Jacob
jacob2932 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Sponsored Links
Old 07-26-2006, 09:14 PM   #2 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: XP Home


Bump.
jacob2932 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-28-2006, 03:22 PM   #3 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

There isn't much showing in your log, so we'll try a general cleaning and see what turns up.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads(make sure to save these in a permanent location)
Cleanup!- Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Anti-Malware
  • Install Ewido Anti-Malware
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Tools
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it’s checked.
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted. If prompted to reboot, click No.

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

Reboot your system in Normal Mode.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

In your next post please include:
  • Panda Activescan Log
  • Ewido Log
  • A new Hijackthis! Log
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-29-2006, 11:32 AM   #4 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: XP Home


Here's the Ewido scan log. Before I posted I had ran an Ewido scan and it had removed some viruses, so I'll post that one after the one i just did:

Ewido Scan:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:51:59 AM 7/29/2006

+ Scan result:



:mozilla.131:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.132:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.133:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.134:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.35:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.36:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.37:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.38:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.39:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.24:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.231:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.232:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.233:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.95:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.77:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.81:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.82:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.44:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.45:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.46:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.47:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.48:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.49:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.50:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.51:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.189:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.94:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.66:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.72:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.73:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.183:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.184:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.185:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.227:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.124:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.164:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.165:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.166:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.78:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.79:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.80:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.224:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.250:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tracking101 : No action taken.
:mozilla.33:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.34:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.469:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.234:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.235:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.236:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.237:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.27:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.28:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.29:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.30:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.31:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.32:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

2nd Ewido Scan (From a few days ago):
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:15:01 AM 7/25/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sandlot Shared\slghex.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
C:\Media\sys\system\config\as.rar/hidden32.exe -> Backdoor.Hupigon.hk : Cleaned with backup (quarantined).
C:\Media\sys\system\config\rar.rar/as.rar/hidden32.exe -> Backdoor.Hupigon.hk : Cleaned with backup (quarantined).
C:\Media\sys\system\config\rar.rar/dll2.dll -> Backdoor.Subot.a : Cleaned with backup (quarantined).
C:\Media\sys\system\config\filter.dll -> Backdoor.Usirf.D : Cleaned with backup (quarantined).
C:\Media\sys\system\config\rar.rar/filter.dll -> Backdoor.Usirf.D : Cleaned with backup (quarantined).
C:\Program Files\Messenger Plus! 3\Setup.dat/sponsor.exe -> Downloader.Swizzor.ag : Cleaned with backup (quarantined).
C:\WINNT\system32\taskmgn.exe -> Not-A-Virus.BadJoke.Win32.Likesurf : Cleaned.
:mozilla.559:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.560:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.561:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.248:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.249:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.250:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.251:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.252:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.253:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.254:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.255:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.256:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.257:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.258:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.336:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.377:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.387:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.537:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@bellglobemediapublishing.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@msnlivefavorites.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.152:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.94:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.95:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.96:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.280:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.281:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.282:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.283:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.285:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.42:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\default.7xs\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.43:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\default.7xs\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.587:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.588:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.390:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Adtrak : Cleaned.
:mozilla.116:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.117:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.118:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.119:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.120:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.121:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.122:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.386:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.158:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.159:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.160:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.161:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.141:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.142:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.143:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.144:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.145:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.146:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.147:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.148:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.149:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.150:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.151:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.393:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.85:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.509:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.76:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.326:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.328:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.329:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.63:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.66:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.67:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.68:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.77:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.78:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.79:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.80:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.81:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.82:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.83:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.9:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\default.7xs\cookies.txt -> TrackingCookie.Gator : Cleaned.
:mozilla.392:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.446:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.451:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.275:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.578:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.440:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.447:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.448:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.449:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.534:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.535:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Default User\Cookies\system@ads.lop[2].txt -> TrackingCookie.Lop : Cleaned.
:mozilla.16:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.582:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.72:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.73:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.74:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.75:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.19:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.331:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.332:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.333:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.34:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\default.7xs\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.342:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@ads01.revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.434:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.436:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.437:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.438:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.439:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.441:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.100:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.101:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.102:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.103:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.106:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.107:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.108:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.97:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.162:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.163:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.472:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.473:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.494:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.425:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.12:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.13:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.15:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.234:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.235:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.236:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.237:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@pmads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@vdn.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.525:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.398:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.399:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.58:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.402:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.403:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.404:C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\mangemeer\Cookies\mangemeer@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\mangemeer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-1ebd1e05-1bcc860a.class -> Trojan.ClassLoader.Dummy.c : Cleaned with backup (quarantined).
C:\Documents and Settings\mangemeer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5f8e179f-72b0f586.class -> Trojan.ClassLoader.Dummy.c : Cleaned with backup (quarantined).
C:\Documents and Settings\mangemeer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ok.class-26e95bb1-239a8b10.class -> Trojan.Nocheat : Cleaned with backup (quarantined).
C:\Media\sys\system\config\rar.rar/tsk.exe -> Trojan.Zapchast : Cleaned with backup (quarantined).
C:\WINNT\system32\rmtcfg\files\rand2.mrc -> Worm.Randon.aa : Cleaned with backup (quarantined).
C:\WINNT\system32\rmtcfg\files\randscan.mrc -> Worm.Randon.aa : Cleaned with backup (quarantined).


::Report end


Panda Scan:


Incident Status Location

Potentially unwanted tool:Application/ServUBased.A Not disinfected c:\Media\sys\system\config\WinMedia.exe
Dialer:dialer.bew Not disinfected c:\winnt\system32\search.html
Spyware:spyware/betterinet Not disinfected c:\winnt\inf\biini.inf
Adware:adware/startpage.ccm Not disinfected c:\winnt\win32.dat
Adware:adware/ncase Not disinfected c:\program files\FlashTalk
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/delta Not disinfected Windows Registry
Adware:adware/block-checker Not disinfected Windows Registry
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\default.7xs\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Uproar Not disinfected C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\default.7xs\cookies.txt[ads.uproar.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt[.realmedia.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt[.atwola.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt[.did-it.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt[.maxserving.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt[.peel.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\cookies.txt[searchportal.information.com/]
Adware:Adware/CWS Not disinfected C:\Documents and Settings\mangemeer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-2845985b.class
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\mangemeer\Desktop\Desktop\SmileyCentralBetaSetup1.1.2.1-2.exe
Adware:Adware/Lop Not disinfected C:\Program Files\Dart proxy\INTRA DELETE.dll
Adware:Adware/Lop Not disinfected C:\Program Files\Dart proxy\Warn active.dll
Potentially unwanted tool:Application/Zango Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\733EE57D-43C4-4753-8E4A-D6CE68\66AC7AC4-4593-4682-9B48-43A9D9
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MSN Messenger\riched20.dll
Adware:Adware/Lop Not disinfected C:\Program Files\Win obj rect\AudioBodyReal.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Wizet\MapleStory\MapleBot.exe
Dialer:Dialer.Gen Not disinfected C:\WINNT\Cheats24.org[cheats24-org,de,1].exe
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\010-port.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\020-netbios.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\030-rpc.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\040-sql.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\050-ftp.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\060-bind.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\070-finger.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\080-sygate.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\090-ntpass.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\100-http.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\110-iis.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\120-smtp.xpn
Potentially unwanted tool:Application/X-Scan.A Not disinfected C:\WINNT\system32\rmtcfg\files\plugin\130-pop3.xpn
Virus:Bck/Digarix.A Disinfected C:\WINNT\system32\rmtcfg\files\servers.ini

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:30:27 PM, on 7/29/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\Media\sys\system\config\WinMedia.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINNT\system32\hphmon04.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\mangemeer\Application Data\Mozilla\Profiles\default\rjffrnfg.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: csrss.lnk = ?
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: =>&Français - http:\\wordreference.com\fr\j\iefr119.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mangemeer\Start Menu\Programs\IMVU2\Run IMVU.lnk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153597593509
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://oweb.peelschools.org/jinitiator/jinit.exe
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/Eng...o%20French.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7BA95A0-6526-4FE4-AEE5-4044C68238F9}: Domain = enersource.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sympatico.ca
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\NETASS~1\SMARTB~1\SBHookSvc.exe
O23 - Service: Win-Media Service (wmedia) - Unknown owner - c:\Media\sys\system\config\WinMedia.exe


I'm going away for a week, and probably won't be able to reply until next Sunday. Thanks.
jacob2932 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-29-2006, 11:34 AM   #5 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: XP Home


On the first Ewido log, it says no action taken for all of them, because I quarantined them after the log was made.
jacob2932 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-29-2006, 05:29 PM   #6 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Are you familiar with any software by the name of WinMedia?

Open HijackThis, click Config, then click Misc Tools.
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-05-2006, 12:11 PM   #7 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: XP Home


No, I'm not familiar with WinMedia, I also asked the other user's of the computer, they have no idea either. Sorry for such a long delay in replying, here's the list:

Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATopSoft AutoSave 2.20
AVG Free Edition
AVI MPEG Converter 3
BeTrapped!
Betty's Beer Bar (remove only)
Boggle
BookWorm Deluxe 1.01
Bridge Baron 10
Cake Mania
Cake Mania (remove only)
CCHelp
CCScore
Chessmaster 8000
CleanUp!
ClicheCleaner
Coloriage
Corel Paint Shop Pro X
Corel Photo Album 6
CorelDRAW Graphics Suite X3
Cosmi File Shredder
CosmoGirl
Diner Dash 2 (remove only)
Diner Dash(TM)
DiskeeperWorkstation
DrawPlus 3.0
Easy CD Creator 5 Platinum
Egg vs. Chicken
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
ewido anti-spyware 4.0
Family Feud
Family Feud
Fish Tycoon
FontNav
Free Download Manager 2.1 - Free Downloads Center Edition
Freedom Security & Privacy
Gizmos & Gadgets!
GMail Drive Shell Extension
Gold Miner Vegas (remove only)
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HLPIndex
HLPRFO
Hotfix for MDAC 2.53 (KB911562)
HP Extended Capabilities 4.7
HP Image Zone 4.7
hp instant support
hp officejet v series
HP Photo and Imaging 1.0 - HP Photosmart Printer Series
HP PSC & OfficeJet 4.7
HP Software Update
HyperLoad
Image Roll-Over Maker 5.0
INFOPEDIA
Intel(R) PRO Network Connections Drivers
Internet Explorer Q903235
iPod for Windows 2005-06-26
iTunes
Jasc Animation Shop 3
Java 2 Runtime Environment, SE v1.4.2_04
Kodak EasyShare software
KSU
Lavasoft VX2 Cleaner
Learn to Play Bridge
Learn to Play Bridge 2
Lemonade Tycoon 2
Lemonade Tycoon 2 (remove only)
LimeWire 4.9.28
LiveUpdate 1.7 (Symantec Corporation)
Logitech MouseWare 9.79
Macromedia Contribute 3.11
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia FlashPaper 2
Macromedia Shockwave Player
MapleStory
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft AntiSpyware
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office 2000 SR-1 Standard
Microsoft Publisher 2002
Microsoft VGX Q833989
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
Microsoft XML Parser and SDK
Milton Bradley Classic Board Games
mIRC
Monopoly Tycoon
Morpheus 4.8 (remove only)
Mozilla (1.7.2)
Mozilla Firefox (1.0.7)
MSN
MSN Gaming Zone
MSN Messenger 7.0
MSN Toolbar
NetAssistant
Netscape (7.1)
Network Play System (Patching)
Notifier
Oracle JInitiator 1.1.8.16
OTtBP
OTtBPSDK
Paint Express 1.30
Panda ActiveScan
PCDADDIN
PCDHELP
PCDLNCH
Photo Loader 2.1E
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Puzzle Pirates
QuickTime
RealArcade
RealPlayer
RegAlyzer 1.0e
Roll
Saints & Sinners Bingo (remove only)
Sandlot Games Client Services
Scrabble
ScrollBar Styler 5.5
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Windows 2000 (KB904706)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
SFR
SFR2
Shockwave
Small Stella DEMO (remove only)
Spybot - Search & Destroy 1.4
SpywareGuard v2.2
Starcraft
Symantec AntiVirus Client
TeamSpeak 2 RC2
The Cleaner
The Game Of Life
The Print Shop
The Sims Superstar
Trivial Pursuit Unhinged
Update Manager
Update Rollup 1 for Windows 2000 SP4
USB CASIO Digital Camera Device Driver
VBA
VPRINTOL
Warcraft II BNE
Wheel of Fortune (remove only)
Window Searching
Window Washer 5
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB896727
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899588
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB905915
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908523
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB911567
Windows 2000 Hotfix - KB912812
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB916281
Windows 2000 Hotfix - KB917159
Windows 2000 Hotfix - KB917537
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix (SP5) Q818043
Windows 2000 Service Pack 4
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See wm828026 for more information]
Windows Media Player system update (9 Series)
WinZip
WordReference English to French
Yahoo! Companion
jacob2932 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-05-2006, 10:54 PM   #8 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Services
Click Start->Run - type SERVICES.MSC & then click on the OK button
  1. Locate the service - Win-Media Service
  2. Double-click on it to open the Properties dialog.
    • Stop the service by using the Stop button.
    • Change the Startup type to Disabled & then click on the OK button
  3. Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
  4. In the popup box that appears, type in wmedia & then click on the OK button

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
c:\Media\sys\system\config
c:\winnt\system32\search.html
c:\winnt\inf\biini.inf
c:\winnt\win32.dat
c:\program files\FlashTalk
c:\program files\MyWay
C:\Program Files\Dart proxy
C:\Program Files\Win obj rect
C:\WINNT\system32\rmtcfg
C:\Documents and Settings\mangemeer\Desktop\Desktop\SmileyCentralBe taSetup1.1.2.1-2.exe

Reboot to normal mode

Runa new scan with Hijackthis and post the log here. How is the PC running now?
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-06-2006, 10:34 PM   #9 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: XP Home


I did everything you said, the actual booting of the pc, up until the login screen seemed a lot faster than usual, but once I logged in, things were very slow once again, little to no improvement. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:30:26 AM, on 8/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Executive Software\DiskeeperWorkstation\DfrgNTFS.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINNT\system32\hphmon04.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HJT\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\mangemeer\Application Data\Mozilla\Profiles\default\rjffrnfg.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: csrss.lnk = ?
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: =>&Français - http:\\wordreference.com\fr\j\iefr119.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mangemeer\Start Menu\Programs\IMVU2\Run IMVU.lnk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153597593509
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://oweb.peelschools.org/jinitiator/jinit.exe
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/Eng...o%20French.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7BA95A0-6526-4FE4-AEE5-4044C68238F9}: Domain = enersource.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sympatico.ca
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\NETASS~1\SMARTB~1\SBHookSvc.exe
jacob2932 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-07-2006, 08:33 PM   #10 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
O4 - Startup: csrss.lnk = ?

Please remember to close all other windows, including browsers then click Fix checked.

Download combofix.exe-Save it to your Desktop, we will need this later.

Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-10-2006, 03:56 PM   #11 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: XP Home


I tried to delete csrss and got this message:

Unexpected error occurred!
Error #52 (Bad file name or number) in Sub GetLongPath(?.exe).

Please send a report to merijn@spywareinfo.com, mentioning what you were doing, and what version of Windows you have.

This message has been copied to your clipboard.

Then it said :

Unable to delete the file:
04 - Startup: csrss.lnk = ?

The file may be in use. Use Task Manager to shutdown the program and run HijackThis again to delete the file.

I went to shutdown csrss.exe from the task manager, and got this message:

This is a critical system process. Task Manager cannot end this process.

Heres the ComboFix Log:

Start Time= Tue 08/08/2006 5:46:27.70
Running from: C:\Documents and Settings\Administrator\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-08 05:42:36 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Macromedia"
2006-08-08 05:39:04 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Mozilla"
2006-08-08 05:37:24 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\ATI"
2006-08-08 05:37:14 ( .DS.. ) "C:\Documents and Settings\Administrator\Application Data\Microsoft"
2006-08-08 05:37:04 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Zero Knowledge"
2006-08-08 05:36:54 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\AVG7"
2006-08-08 05:36:10 ( .D... ) "C:\Program Files\Web Publish"
2006-08-05 18:59:14 ( AD... ) "C:\Program Files\Windows Media Player"
2006-08-05 18:57:38 ( .D... ) "C:\Program Files\avi2divx"
2006-08-05 12:59:22 ( .D... ) "C:\Program Files\ImTOO"
2006-07-29 12:49:56 ( .D... ) "C:\Program Files\SpywareGuard"
2006-07-29 12:49:52 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-29 12:47:32 ( .D... ) "C:\Program Files\QuickTime"
2006-07-29 12:44:22 ( AD... ) "C:\Program Files\MSN Messenger"
2006-07-29 12:42:54 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-07-29 12:39:02 ( .D... ) "C:\Program Files\Microsoft AntiSpyware"
2006-07-29 12:19:42 ( AD... ) "C:\Program Files\Internet Explorer"
2006-07-29 12:11:46 ( .D... ) "C:\Program Files\Google"
2006-07-29 12:11:22 ( AD... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-28 23:12:20 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-26 18:17:16 ( AD... ) "C:\Program Files\iolo"
2006-07-26 18:00:50 ( AD... ) "C:\Program Files\Lemonade Tycoon 2"
2006-07-26 17:48:08 ( .D... ) "C:\Program Files\ReflexiveArcade"
2006-07-26 00:08:12 ( .D... ) "C:\Program Files\Sony Pictures Games"
2006-07-25 18:44:06 ( .D... ) "C:\Program Files\Viewpoint"
2006-07-25 18:36:04 ( .D... ) "C:\Program Files\Azureus"
2006-07-25 06:14:50 ( .D... ) "C:\Program Files\Messenger Plus! 3"
2006-07-24 19:55:30 ( .D... ) "C:\Program Files\Diner Dash 2"
2006-07-24 14:44:16 ( .D... ) "C:\Program Files\Cake Mania"
2006-07-23 09:31:30 ( .D... ) "C:\Program Files\Zvsrul"
2006-07-22 15:59:16 ( AD... ) "C:\Program Files\Grisoft"
2006-07-11 2142 ( .D... ) "C:\Program Files\Corel"
2006-07-11 21:04:02 6686 ( A.SH. ) "C:\WINNT\system32\KGyGaAvL.sys"
2006-07-11 21:04:02 6686 ( A.SH. ) "C:\WINNT\system32\KGyGaAvL.sys"
2006-07-11 20:25:48 152 ( ..SHR ) "C:\WINNT\system32\07B81EF572.sys"
2006-07-11 20:25:48 152 ( ..SHR ) "C:\WINNT\system32\07B81EF572.sys"
2006-07-11 20:04:20 ( .D... ) "C:\Program Files\Free Download Manager"
2006-07-11 20:03:08 ( .D... ) "C:\Program Files\Paint Express"
2006-07-11 20:02:40 ( .D... ) "C:\Program Files\AKVIS"
2006-07-11 19:09:42 ( .D... ) "C:\Program Files\AutoSave"
2006-06-27 15:18:26 ( .D... ) "C:\Program Files\GameSpy Arcade"
2006-06-27 15:16:38 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-06-27 15:16:38 ( .D... ) "C:\Program Files\Infogrames Interactive"
2006-05-19 05:18:24 136976 ( A.... ) "C:\WINNT\system32\dnsapi.dll"
2006-05-19 05:18:24 89872 ( A.... ) "C:\WINNT\system32\DHCPCSVC.DLL"
2006-05-19 05:18:24 68368 ( A.... ) "C:\WINNT\system32\IPHLPAPI.DLL"
2005-02-11 12:52:04 298 ( A.... ) "C:\Program Files\INSTALL.LOG"
2003-08-05 07:08:58 21952 ( ...H. ) "C:\Program Files\folder.htt"
2003-08-05 07:08:58 271 ( ...H. ) "C:\Program Files\desktop.ini"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-05 18:59 82,432 C:\WINNT\system32\drmstor.dll
2006-08-05 18:59 301,712 C:\WINNT\system32\drmclien.dll
2006-07-29 11:27 73,728 C:\WINNT\system32\asuninst.exe
2006-07-29 11:27 11,776 C:\WINNT\system32\ZPORT4AS.dll
2006-07-23 04:39 127,208 C:\WINNT\system32\mucltui.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HPAIO_PrintFolderMgr"="C:\\WINNT\\System32\\spool\\DRIVERS\\W32X86\\hpoopm07.exe"
"Logitech Utility"="Logi_MwX.Exe"
"Freedom"="C:\\Program Files\\Zero Knowledge\\Freedom\\Freedom.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"HPHmon04"="C:\\WINNT\\system32\\hphmon04.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"Synchronization Manager"="mobsync.exe /logon"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00002002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,10,03,00,00,1f,00,00,00,e0,00,00,00,d6,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"




Contents of the 'Scheduled Tasks' folder

Completion time: Tue 08/08/2006 5:48:44.99
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt
jacob2932 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-10-2006, 06:14 PM   #12 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Please submit the following file to Jotti File Scan
C:\WINNT\system32\07B81EF572.sys

This will produce a report after the scan is complete, please copy and paste those results in your next post

Delete this folder:
C:\Program Files\Zvsrul

Please open IE and go to
Kaspersky WebScanner

Next Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

* Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-11-2006, 06:41 AM   #13 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: XP Home


C:\WINNT\system32\07B81EF572.sys doesn't exist on my computer, i searched for it, and showed hidden files, still nothing.

Deleted C:\Program Files\Zvsrul

Here's the WebScanner Report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 11, 2006 9:39:26 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/08/2006
Kaspersky Anti-Virus database records: 214005
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 105931
Number of viruses found: 17
Number of infected objects: 47 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:27:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.bin Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.dll Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.exe Infected: Trojan-Dropper.Win32.Agent.bv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP1.bin Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP1.dll Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP1.exe Infected: Trojan-Dropper.Win32.Agent.bv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP2.bin Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP2.dll Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP2.exe Infected: Trojan-Dropper.Win32.Agent.bv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP3.bin Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP3.dll Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP3.exe Infected: Trojan-Dropper.Win32.Agent.bv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP4.bin Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP4.dll Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP4.exe Infected: Trojan-Dropper.Win32.Agent.bv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP5.bin Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP5.dll Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP5.exe Infected: Trojan-Dropper.Win32.Agent.bv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP6.bin Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP6.dll Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP6.exe Infected: Trojan-Dropper.Win32.Agent.bv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP7.bin Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP7.dll Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP8.bin Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP8.dll Infected: Trojan.Win32.StartPage.is skipped
C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\history.dat Object is locked skipped
C:\Documents and Settings\mangemeer\Application Data\Mozilla\Firefox\Profiles\default.wmp\parent.lock Object is locked skipped
C:\Documents and Settings\mangemeer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\mangemeer\Desktop\Desktop\iMeshV4.exe/WISE0019.BIN Infected: not-a-virus:Server-Proxy.Win32.MarketScore.f skipped
C:\Documents and Settings\mangemeer\Desktop\Desktop\iMeshV4.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.MyWay.k skipped
C:\Documents and Settings\mangemeer\Desktop\Desktop\iMeshV4.exe/WISE0027.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet.d skipped
C:\Documents and Settings\mangemeer\Desktop\Desktop\iMeshV4.exe/WISE0029.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104 skipped
C:\Documents and Settings\mangemeer\Desktop\Desktop\iMeshV4.exe WiseSFX: infected - 4 skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\Identities\{5419AD30-EEE7-4A6C-A932-42FE8A92778A}\Microsoft\Outlook Express\Deleted Items.dbx/[From FlagStar <aw-survey@flagstar.com>][Date Fri, 04 Aug 2006 06:19:55 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Fraud.l skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\Identities\{5419AD30-EEE7-4A6C-A932-42FE8A92778A}\Microsoft\Outlook Express\Deleted Items.dbx/[From FlagStar <aw-survey@flagstar.com>][Date Fri, 04 Aug 2006 06:19:55 -0400]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\Identities\{5419AD30-EEE7-4A6C-A932-42FE8A92778A}\Microsoft\Outlook Express\Deleted Items.dbx/[From FlagStar <aw-survey@flagstar.com>][Date Fri, 04 Aug 2006 06:19:55 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\Identities\{5419AD30-EEE7-4A6C-A932-42FE8A92778A}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 3 skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Temp\~DF6BFD.tmp Object is locked skipped
C:\Documents and Settings\mangemeer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\mangemeer\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\mangemeer\ntuser.dat.LOG Object is locked skipped
C:\Media\sys\system\config\Firewall.bat Infected: Trojan.BAT.KillAV.aj skipped
C:\Media\sys\system\config\WinMedia.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.5000 skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.d skipped
C:\RECYCLER\S-1-5-21-1757981266-113007714-1343024091-1001\Dc14\AudioBodyReal.exe Infected: Trojan-Downloader.Win32.Swizzor.dt skipped
C:\RECYCLER\S-1-5-21-1757981266-113007714-1343024091-1001\Dc15.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\RECYCLER\S-1-5-21-1757981266-113007714-1343024091-1001\Dc6\INTRA DELETE.dll Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\RECYCLER\S-1-5-21-1757981266-113007714-1343024091-1001\Dc6\Warn active.dll Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\WINNT\Cheats24.org[cheats24-org,de,1].exe Infected: not-a-virus:Porn-Dialer.Win32.Star skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\ACEEvent.evt Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\Perflib_Perfdata_440.dat Object is locked skipped
C:\WINNT\system32\rmtcfg\files\copy\rmtcfg.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.d skipped
C:\WINNT\system32\rmtcfg\files\mdll.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\WINNT\system32\rmtcfg\files\randoms.mrc Infected: Backdoor.IRC.Cloner skipped
C:\WINNT\system32\rmtcfg\files\scanrand2.mrc Infected: Backdoor.IRC.Cloner skipped
C:\WINNT\system32\rmtcfg\rmtcfg.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.d skipped
C:\WINNT\system32\wbem\Repository\CIM.REP Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.
jacob2932 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-12-2006, 06:12 PM   #14 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Unzip it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINNT\system32\config
    C:\WINNT\system32\rmtcfg
    C:\Documents and Settings\mangemeer\Start Menu\Programs\Startup\csrss.lnk

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Post a new Hijackthis log here.
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-12-2006, 08:19 PM   #15 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: XP Home


C:\WINNT\system32\rmtcfg doesn't exist on my pc, the other 2 were deleted. Everything ran smoothly.

Heres the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:13:19 PM, on 8/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINNT\system32\hphmon04.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\mangemeer\Application Data\Mozilla\Profiles\default\rjffrnfg.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: =>&Français - http:\\wordreference.com\fr\j\iefr119.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mangemeer\Start Menu\Programs\IMVU2\Run IMVU.lnk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153597593509
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://oweb.peelschools.org/jinitiator/jinit.exe
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/Eng...o%20French.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7BA95A0-6526-4FE4-AEE5-4044C68238F9}: Domain = enersource.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sympatico.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sympatico.ca
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\NETASS~1\SMARTB~1\SBHookSvc.exe
jacob2932 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-12-2006, 08:23 PM   #16 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Is the PC running any better or is it still moving at a crawl?
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-12-2006, 09:53 PM   #17 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: XP Home


Still moving at a crawl, I see no improvement, sorry.
jacob2932 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-12-2006, 11:43 PM   #18 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Download GMER to your desktop.
  • Right Click the Zip and Select Extract All.
  • Open GMER and Click the Tab labeled RootKit.
  • Now Click Scan, it will take a while for the scan to complete.
  • Once done, Copy the results to Notepad and post them in the next reply.

Download WinPFind-Unzip it to the desktop, but do not run it yet

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Double click WinPFind.exe

* Click 'Start Scan'
* It will scan the entire system, so please be patient!
* Once the scan is complete:
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Copy those results in the next post!

Reboot back to Normal Mode!
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-13-2006, 06:55 PM   #19 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 32
OS: XP Home


Here's the 2 scan logs. In the task manager under processes, i have CSRSS.exe still running, and 3 CLI.exe's running. Is this csrss a good one now? And are there supposed to be three CLI's? Thanks.

GMER log:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-13 12:17:25
Windows 5.0.2195 Service Pack 4


---- System - GMER 1.0.10 ----

SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwClose
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwCreateKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwFlushKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwOpenKey
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwClose
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwCreateFile
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwCreateSection
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwOpenFile
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwWriteFile

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B6F66A80] css-dvp.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSEIRP_MJ_READ [B6F66C00] css-dvp.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B6F66AE0] css-dvp.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B6F66BA0] css-dvp.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE [B6F66F70] css-dvp.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSEIRP_MJ_READ [B6F670F0] css-dvp.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [B6F66FD0] css-dvp.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [B6F6A040] css-dvp.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [B6F67090] css-dvp.sys
Device \Driver\FreeTdi \??\LATERALUS IRP_MJ_SHUTDOWN [ED50485A] avgtdi.sys

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\tracking.log

---- EOF - GMER 1.0.10 ----

WinPFind Log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 2/16/2005 1116 AM 218112 C:\HijackThis.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 2/24/2004 5:58:16 PM 146642 C:\WINNT\Cheats24.org[cheats24-org,de,1].exe
UPX! 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
FSG! 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
PEC2 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
aspack 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
abetterinternet.com 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
web-nex 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
ad-w-a-r-e.com 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
UPX! 5/17/2004 5:05:18 AM 44032 C:\WINNT\Unwash5.exe

Checking %System% folder...
aspack 5/3/2006 4:30:06 PM 1212928 C:\WINNT\SYSTEM32\Incinerator.dll
PTech 7/12/2005 6:04:22 PM 520456 C:\WINNT\SYSTEM32\LegitCheckControl.dll
PECompact2 8/2/2006 9:22:50 PM 8255912 C:\WINNT\SYSTEM32\MRT.exe
aspack 8/2/2006 9:22:50 PM 8255912 C:\WINNT\SYSTEM32\MRT.exe
Umonitor 1/12/2005 3:39:46 PM 531216 C:\WINNT\SYSTEM32\RASDLG.DLL
winsync 7/24/2002 8:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
UPX! 8/8/2003 2:20:58 PM R 252416 C:\WINNT\SYSTEM32\wget.exe

Checking %System%\Drivers folder and sub-folders...
UPX! 8/7/2006 9:38:46 AM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys
FSG! 8/7/2006 9:38:46 AM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys
PEC2 8/7/2006 9:38:46 AM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys
aspack 8/7/2006 9:38:46 AM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys
aspack 5/2/2004 10:51:44 AM R 498264 C:\WINNT\SYSTEM32\drivers\css-dvp.sys

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts


Items found in C:\WINNT\SYSTEM32\drivers\etc\LMhosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/13/2006 12:18:02 PM H 256398 C:\WINNT\ShellIconCache
8/13/2006 12:22:12 PM S 64 C:\WINNT\CSC\00000001
8/9/2006 6:33:28 PM S 64 C:\WINNT\CSC\00000002
8/7/2006 1:20:54 AM S 64 C:\WINNT\CSC\csc1.tmp
7/23/2006 4:39:50 AM H 0 C:\WINNT\inf\oem36.inf
7/11/2006 8:25:48 PM RHS 152 C:\WINNT\system32\07B81EF572.sys
7/11/2006 9:04:02 PM HS 6686 C:\WINNT\system32\KGyGaAvL.sys
8/13/2006 12:23:26 PM H 1024 C:\WINNT\system32\config\default.LOG
8/13/2006 12:34:16 PM H 1024 C:\WINNT\system32\config\SAM.LOG
8/13/2006 12:31:00 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG
8/13/2006 1:51:38 PM H 1024 C:\WINNT\system32\config\software.LOG
8/13/2006 12:22:16 PM H 6 C:\WINNT\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 7/24/2002 8:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 7/24/2002 8:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl
Macrovision Corporation 8/11/2005 4:29:46 PM 73728 C:\WINNT\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 10/30/2001 8:10:00 AM 326144 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems 2/22/2004 11:44:42 PM 61555 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 41232 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 7/24/2002 8:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 1/12/2005 3:40:00 PM 64784 C:\WINNT\SYSTEM32\dllcache\msmq.cpl
IBM Corporation 9/23/1999 6:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
1/4/2006 6:59:38 PM 1669 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
1/4/2006 7:04:50 PM 663 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
7/20/2006 11:38:06 PM 690 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/4/2006 7:23:48 PM 1477 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
7/4/2004 2:29:44 PM 540 C:\Documents and Settings\mangemeer\Start Menu\Programs\Startup\SpywareGuard.lnk

Checking files in %USERPROFILE%\Application Data folder...
11/6/2005 9:23:46 PM 88416 C:\Documents and Settings\mangemeer\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Program Files\SpywareGuard\spywareguard.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Macromedia.FlashPaper.ContextMenu
{9DED7A30-D572-4D21-8D82-6945EA697400} = C:\Program Files\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TheCleaner
{2DE506B9-4320-11d3-8E42-002035221EDA} = C:\Program Files\The Cleaner\tcshellex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Washer
{6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\Zero Knowledge\Freedom\AVContextR.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TheCleaner
{2DE506B9-4320-11D3-8E42-002035221EDA} = C:\Program Files\The Cleaner\tcshellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\Zero Knowledge\Freedom\AVContextR.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TheCleaner
{2DE506B9-4320-11D3-8E42-002035221EDA} = C:\Program Files\The Cleaner\tcshellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Washer
{6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\Zero Knowledge\Freedom\AVContextR.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}
PopKill Class = C:\Program Files\Zero Knowledge\Freedom\pkR.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}
ZKBho Class = C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Toolbar : C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-ca\msntb.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINNT\system32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}
ButtonText = Run IMVU : C:\Documents and Settings\mangemeer\Start Menu\Programs\IMVU2\Run IMVU.lnk

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} = :
{4EC4CD8A-8B52-6583-5200-0771A1F3C89B} = driveamok : C:\PROGRA~1\DARTPR~1\INTRA DELETE.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} = AIM Search : C:\Program Files\AIM Toolbar\AIMBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HPAIO_PrintFolderMgr C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
Logitech Utility Logi_MwX.Exe
Freedom C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
HPHmon04 C:\WINNT\system32\hphmon04.exe
HPHUPD04 "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
Synchronization Manager mobsync.exe /logon
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
CDRAutoRun 0
SpecifyDefaultButtons 0
Btn_Search 0
NoBandCustomize 0
NoToolbarCustomize 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 1
NoAdminPage 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINNT\system32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/13/2006 4:52:03 PM
jacob2932 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 08-13-2006, 10:36 PM   #20 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Go to Start > Run
Type:
  • regedit
Click OK.
  • On the leftside, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Open Notepad and copy and paste everything from the box below.
Code:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}"=-
"{4EC4CD8A-8B52-6583-5200-0771A1F3C89B}"=-
Click on File, Save it to your desktop, in file name save as
LOP.reg
click OK.

Next go to your desktop and double click on LOP.reg, allow it to merge to the registry. It should give you a prompt "sucessfully merged".

Post a new Hijackthis log. Is the PC still running poorly?
__________________
Vikesrock8411 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 04:52 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84