|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
12-03-2005, 07:26 AM
|
#1 (permalink) |
|
Registered User
Join Date: Feb 2005
Posts: 30
OS: Win XP Home
|
infected by pop-ups
Please help me..
My computer keeps reminding me that it has been infected by spyware and that Windows will download and install the most up-to-date antispyware for me. If I click it downloads Spyaxe which does nothing unless I register or buy the full version. I cannot get rid of that spyware, and the pop-ups keep coming up even though I do nothing. I hope you can help me |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
12-03-2005, 11:56 AM
|
#2 (permalink) |
|
Assistant Manager, Microsoft Support
Join Date: Jan 2005
Location: Six-burgh, Pennsylvania
Posts: 14,142
OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7
|
Hello and Welcome to TSF
Download the trial version of Ewido Security Suite · Install Ewido. · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". · Launch ewido. · It will prompt you to update click the OK button and it will go to the main screen. · On the left side of the main screen click update. · Click on Start and let it update. · DO NOT run a scan yet. Restart your computer into Safe Mode now. (Start tapping the F8 key at Startup, before the Windows logo screen). Perform the following steps in Safe Mode: * Run Ewido: Click on scanner Click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When the scan is finished, look at the bottom of the screen and click the Save report button. Save the report to your desktop. Reboot. Next: 1) Save Uninstallers.zip from http://www.spyaxe.com/uninstall/uninstallers.zip to your desktop or HDD. 2) Extract 2 files "illegal_adv_uninstall1.exe" and "illegal_adv_uninstall2.exe" to your desktop or your HDD using WinZip. 3) Execute both of them one by one by double-clicking with your mouse. 4) Reboot your PC 5) Your PC is now clean from the infections. 6) Go to 'add/remove programs' under control panel to uninstall the SpyAxe program if still there. Scan your pc with this free online scanners: Panda ActiveScan Download and install: HiJackThis. (Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders or Desktop. A good place to make a folder would be in My Documents, as this is where it will save the backup files needed if there's a problem.) Then doubleclick HijackThis.exe, and hit "Do A System Scan And Save Log". Make sure all Windows and Browsers are closed. When the scan is finished, best to save your text file in the same folder as where you put HiJackthis. Copy/Paste the info from your saved Hijackthis log file and the results of the Ewido scan into this thread.
__________________
 .jpg) Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!! The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!! 
|
|
|
|
|
12-03-2005, 01:17 PM
|
#3 (permalink) |
|
Registered User
Join Date: Feb 2005
Posts: 30
OS: Win XP Home
|
I cannot save the uninstallers.zip file. When I click the link in your reply, my Internet Explorer opens but nothing happens. Instead I get a message in the top of the window saying:
"The page you are looking for is blocked by the adware on your PC. Remove it with Spy Trooper software. CLICK HERE" |
|
|
|
|
12-03-2005, 01:37 PM
|
#4 (permalink) |
|
Assistant Manager, Microsoft Support
Join Date: Jan 2005
Location: Six-burgh, Pennsylvania
Posts: 14,142
OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7
|
Go to C:\Program Files and look for a folder called Spyaxe. Open the folder see if there is an uninstaller in there. If there is uninstall it.
If ther is not, go to Add/Remove Programs and remove if listed in there. Let me know
__________________
Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!! The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!!
|
|
|
|
|
12-03-2005, 01:48 PM
|
#5 (permalink) |
|
Registered User
Join Date: Feb 2005
Posts: 30
OS: Win XP Home
|
I uninstalled spyaxe, but two files was not deleted. I found out spyaxe was still running. I closed the program, and deleted the two files manually. Then I checked in Add/remove programs and spyaxe was not there. (But it was earlier). Your link is still not working.
|
|
|
|
|
12-03-2005, 02:04 PM
|
#6 (permalink) |
|
Assistant Manager, Microsoft Support
Join Date: Jan 2005
Location: Six-burgh, Pennsylvania
Posts: 14,142
OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7
|
Try this SpyAxeFix.exe.
__________________
Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!! The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!!
|
|
|
|
|
12-03-2005, 04:16 PM
|
#7 (permalink) |
|
Registered User
Join Date: Feb 2005
Posts: 30
OS: Win XP Home
|
Spyaxe has now been removed, but your link still doesn't work. After restarting, I am no longer constantly reminded by Windows that my computer is infected by spyware. But I am still getting pop-ups.
Is Spyaxe bad even though it's antispyware? |
|
|
|
|
12-03-2005, 04:37 PM
|
#8 (permalink) |
|
Assistant Manager, Microsoft Support
Join Date: Jan 2005
Location: Six-burgh, Pennsylvania
Posts: 14,142
OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7
|
I can successfully click on the SpyAxeFix.exe in reply #6.
Run Ewido Security Suite as stated in my reply and then post a HJT log by following my instructions
__________________
Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!! The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!!
|
|
|
|
|
12-04-2005, 05:21 AM
|
#9 (permalink) |
|
Registered User
Join Date: Feb 2005
Posts: 30
OS: Win XP Home
|
Your spyaxefix.exe in reply #6 seemed to work. I have not seen spyaxe after using spyaxefix.
It was your link in reply #2 that still didn't work. Here is the Ewido report (before the problems with downloading the spyaxe uninstalelrs): --------------------------------------------------------- ewido security suite - Scanningsrapport --------------------------------------------------------- + Oprettet den: 21:12:33, 03-12-2005 + Rapport-Checksum: 9EFD25F9 + Scanningsresultat: HKLM\SOFTWARE\backup\EliteSideBar -> Spyware.EliteBar : Renset med backup HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Renset med backup HKLM\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252} -> Spyware.NewDotNet : Renset med backup HKLM\SOFTWARE\Classes\CLSID\{FA6548E9-78F5-4025-9D7B-FC1367789C38} -> Spyware.SearchMiracle : Renset med backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{82315A18-6CFB-44a7-BDFD-90E36537C252} -> Spyware.NewDotNet : Renset med backup HKLM\SOFTWARE\ohbbackup -> Spyware.EliteBar : Renset med backup HKLM\SOFTWARE\ohbbackup\EliteSideBar -> Spyware.EliteBar : Renset med backup HKLM\SOFTWARE\ohbbackup\EliteToolBar -> Spyware.EliteBar : Renset med backup HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Renset med backup HKU\S-1-5-21-433411110-2630894939-2864569539-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Renset med backup HKU\S-1-5-21-433411110-2630894939-2864569539-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} -> Spyware.EliteBar : Renset med backup HKU\S-1-5-21-433411110-2630894939-2864569539-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FA6548E9-78F5-4025-9D7B-FC1367789C38} -> Spyware.SearchMiracle : Renset med backup [480] C:\Programmer\NewDotNet\newdotnet6_98.dll -> Spyware.NewDotNet : Renset med backup [732] C:\Programmer\NewDotNet\newdotnet6_98.dll -> Spyware.NewDotNet : Fejl under renselse C:\Documents and Settings\Kristian Milo Hauge\Dokumenter\Spil\MonopolyTycoonSetup-dm.exe -> Spyware.Trymedia : Renset med backup C:\Documents and Settings\Kristian Milo Hauge\Dokumenter\Spil\RiskIISetup-dm.exe -> Spyware.Trymedia : Renset med backup C:\hjt\backups\backup-20050220-223213-762.dll -> Dialer.Generic : Renset med backup C:\Program Files\SpyTrooper\Uninstall.exe -> Adware.SpySheriff : Renset med backup C:\Programmer\filesubmit\stacykeibler.zip\NNEZTA388.exe -> Spyware.NewDotNet : Renset med backup C:\Programmer\filesubmit\stacykeibler.zip\TBEZA127Q.exe -> Spyware.Quick : Renset med backup C:\Programmer\NewDotNet\newdotnet6_98.dll -> Spyware.NewDotNet : Renset med backup C:\Programmer\NewDotNet\uninstall6_38.exe -> Spyware.NewDotNet : Renset med backup C:\Programmer\NewDotNet\uninstall6_98.exe -> Adware.NewDotNet : Renset med backup C:\Programmer\QuickSearch\QuickSearchBar1_27.dll -> Spyware.Quick : Renset med backup C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Renset med backup C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Renset med backup C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Renset med backup C:\WINDOWS\system32\1024\ldF464.tmp -> Trojan.Small : Renset med backup C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Renset med backup C:\WINDOWS\system32\hpDED2.tmp -> Downloader.Zlob.br : Renset med backup renset med backup means: "cleaned with backup" Panda activescan report Incident Status Location Adware:adware/spyaxe Not desinfected C:\WINDOWS\System32\hpB001.tmp Adware:adware/securityerror Not desinfected C:\WINDOWS\System32\mssearchnet.exe Adware:adware/spyaxe Not desinfected C:\WINDOWS\SYSTEM32\hpB001.tmp Adware:adware/securityerror Not desinfected C:\WINDOWS\SYSTEM32\mscornet.exe Adware:adware/sidesearch Not desinfected C:\PROGRAMMER\Lycos Spyware:spyware/new.net Not desinfected C:\PROGRAMMER\NewDotNet Adware:adware/quicksearch Not desinfected C:\PROGRAMMER\QuickSearch Adware:adware/elitebar Not desinfected C:\Documents and Settings\Kristian Milo Hauge\Foretrukne\Finances & Business Adware:adware/ist.istbar Not desinfected C:\PROGRAMMER\FLLES FILER\Totem Shared Adware:adware/antivirus-gold Not desinfected Windows Registry Adware:Adware/ISearch Not desinfected C:\hjt\backups\backup-20050220-223212-619.inf Adware:Adware/EliteBar Not desinfected C:\WINDOWS\blocklist.reg Adware:Adware/EliteBar Not desinfected C:\WINDOWS\system32\bhosave.dat HijackThis logfile Logfile of HijackThis v1.99.1 Scan saved at 13:22:52, on 04-12-2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\nvctrl.exe C:\WINDOWS\System32\mssearchnet.exe C:\WINDOWS\htpatch.exe C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\Dit.exe C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\DitExp.exe C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Programmer\ewido\security suite\ewidoctrl.exe c:\programmer\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Programmer\Browser mouse\1.1\mouse32a.exe C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\programmer\mcafee.com\agent\mcagent.exe C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\svchost.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Programmer\Messenger\msmsgs.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Programmer\Internet Explorer\iexplore.exe C:\hjt\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hpB001.tmp O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Programmer\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing) O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [PCMService] C:\Programmer\Medion Home CinemaXL\PowerCinema\PCMService.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Programmer\Browser mouse\1.1\mouse32a.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mmtask] "C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Eyetide Launcher.lnk = C:\Programmer\Eyetide Media\Eyetide Viewer\EyetideController.exe O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\programmer\newdotnet\newdotnet6_98.dll' missing O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
|
|
|
12-04-2005, 10:55 AM
|
#10 (permalink) |
|
Assistant Manager, Microsoft Support
Join Date: Jan 2005
Location: Six-burgh, Pennsylvania
Posts: 14,142
OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7
|
IMPORTANT!:
Before we can proceed any further, please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system (except service pack 2 (SP2). SP2 should only be installed on a fully disinfected system.) At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online. Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately its also this forums policy that we only address users with a legal copy of Windows XP.... therefore if you can not update Windows XP to SP1 we must stop the cleansing process here. Thank you for your cooperation.
__________________
Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!! The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!!
|
|
|
|
|
12-04-2005, 01:46 PM
|
#12 (permalink) |
|
Assistant Manager, Microsoft Support
Join Date: Jan 2005
Location: Six-burgh, Pennsylvania
Posts: 14,142
OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7
|
Yes please
__________________
Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!! The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!!
|
|
|
|
|
12-05-2005, 12:27 PM
|
#13 (permalink) |
|
Registered User
Join Date: Feb 2005
Posts: 30
OS: Win XP Home
|
Here are the log files after installing updates.
Ewido report: --------------------------------------------------------- ewido security suite - Scanningsrapport --------------------------------------------------------- + Oprettet den: 00:37:29, 05-12-2005 + Rapport-Checksum: C19E5FA0 + Scanningsresultat: C:\Documents and Settings\Kristian Milo Hauge\Cookies\kristian milo hauge@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Renset med backup C:\Documents and Settings\Kristian Milo Hauge\Cookies\kristian milo hauge@adtech[1].txt -> Spyware.Cookie.Adtech : Renset med backup C:\Documents and Settings\Kristian Milo Hauge\Cookies\kristian milo hauge@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Renset med backup C:\Documents and Settings\Kristian Milo Hauge\Cookies\kristian milo hauge@microsoftwga.112.2o7[2].txt -> Spyware.Cookie.2o7 : Renset med backup C:\Documents and Settings\Kristian Milo Hauge\Cookies\kristian milo hauge@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Renset med backup C:\Documents and Settings\Kristian Milo Hauge\Lokale indstillinger\Temporary Internet Files\Content.IE5\T8GV914P\mm[2].js -> Spyware.Chitika : Renset med backup ::Rapport **** Panda ActiveScan report: Incident Status Location Adware:adware/spyaxe Not desinfected C:\WINDOWS\System32\hpB0BD.tmp Adware:adware/securityerror Not desinfected C:\WINDOWS\System32\mssearchnet.exe Adware:adware/spyaxe Not desinfected C:\WINDOWS\SYSTEM32\hpB0BD.tmp Adware:adware/securityerror Not desinfected C:\WINDOWS\SYSTEM32\mscornet.exe Adware:adware/sidesearch Not desinfected C:\PROGRAMMER\Lycos Spyware:spyware/new.net Not desinfected C:\PROGRAMMER\NewDotNet Adware:adware/quicksearch Not desinfected C:\PROGRAMMER\QuickSearch Adware:adware/elitebar Not desinfected C:\Documents and Settings\Kristian Milo Hauge\Foretrukne\Finances & Business Adware:adware/ist.istbar Not desinfected C:\PROGRAMMER\FLLES FILER\Totem Shared Adware:adware/antivirus-gold Not desinfected Windows Registry Adware:Adware/SecurityError Not desinfected C:\Documents and Settings\Kristian Milo Hauge\Lokale indstillinger\Temporary Internet Files\Content.IE5\OFRVASHD\sec1-adls[1] Adware:Adware/ISearch Not desinfected C:\hjt\backups\backup-20050220-223212-619.inf Adware:Adware/EliteBar Not desinfected C:\WINDOWS\blocklist.reg Adware:Adware/EliteBar Not desinfected C:\WINDOWS\system32\bhosave.dat HijackThis logfile: Logfile of HijackThis v1.99.1 Scan saved at 20:29:06, on 05-12-2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\nvctrl.exe C:\WINDOWS\System32\mssearchnet.exe C:\WINDOWS\htpatch.exe C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\Dit.exe C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\Programmer\Browser mouse\1.1\mouse32a.exe C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmer\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\DitExp.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Programmer\ewido\security suite\ewidoctrl.exe c:\programmer\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Programmer\Messenger\msmsgs.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\hjt\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\System32\hpB0BD.tmp O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Programmer\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing) O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [PCMService] C:\Programmer\Medion Home CinemaXL\PowerCinema\PCMService.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Programmer\Browser mouse\1.1\mouse32a.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mmtask] "C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Eyetide Launcher.lnk = C:\Programmer\Eyetide Media\Eyetide Viewer\EyetideController.exe O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\programmer\newdotnet\newdotnet6_98.dll' missing O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe Thank you so much for helping. |
|
|
|
|
12-05-2005, 02:29 PM
|
#14 (permalink) |
|
Assistant Manager, Microsoft Support
Join Date: Jan 2005
Location: Six-burgh, Pennsylvania
Posts: 14,142
OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7
|
I am currently reviewing your log and I will be back with a fix for your problem a.s.a.p
Please be patient with me during this time.
__________________
Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!! The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!!
|
|
|
|
|
12-05-2005, 02:45 PM
|
#15 (permalink) |
|
Assistant Manager, Microsoft Support
Join Date: Jan 2005
Location: Six-burgh, Pennsylvania
Posts: 14,142
OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7
|
You have the latest variant of the PUPER.G/SmitFraud/PSGuard/SpyAxe trojan. Please follow these instructions
Download SmitRem.zip and save the file to your desktop. Right click on the file and extract it to it's own folder on the desktop. Place a shortcut to Panda ActiveScan on your desktop. Please download the trial version of Ewido Security Suite Please read Ewido Setup Instructions Install it, and update the definitions to the newest files. Do NOT run a scan yet. If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup Don't run it yet! Next, please reboot your computer in SafeMode (By repeatedly tapping the F8 key until the menu appears). Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply Open Ad-aware SE and do a full scan. Remove all it finds. Run Ewido Security Suite:
Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present. Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked! Save the scan log and post it along with a new HijackThis Log and the Ewido Log by using Add Reply.
__________________
Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!! The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!!
|
|
|
|
|
12-05-2005, 04:07 PM
|
#17 (permalink) |
|
Assistant Manager, Microsoft Support
Join Date: Jan 2005
Location: Six-burgh, Pennsylvania
Posts: 14,142
OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7
|
MSMCMAHON please do not hijack this thread, Follow these instructions for assistance
1. Download SpyAxeFix.exe. 2. Save it to your desktop. 3. Close all other programs and windows. 4. Double click SpyAxeFix.exe, then click Start to extract the tool to it's own folder. 5. Open the SpyAxeFix folder and double click the SpyAxeFix.bat to start the tool. At one point when the tool runs, your taskbar will dissappear, and your computer will restart when the tool completes. 6. A text file named spyaxe.txt will be created in the SpyAxeFix folder. NEXT Download and install: HiJackThis. (Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders or Desktop. A good place to make a folder would be in My Documents, as this is where it will save the backup files needed if there's a problem.) Then doubleclick HijackThis.exe, and hit "Do A System Scan And Save Log". Make sure all Windows and Browsers are closed. When the scan is finished, best to save your text file in the same folder as where you put HiJackthis. IMPORTANT!!! Create a New Topic and include a fresh HJT log in the HiJackThisLog Help Forum and Copy/Paste the info from your saved Hijackthis log and the text file named spyaxe.txt into your new topic. A Moderator/ Security Team Analyst will give you instructions. ***DO NOT TRY TO FIX ANYTHING, MAJOR DAMAGE CAN BE DONE TO YOUR SYSTEM IF THIS TOOL IS USED INCORRECTLY, PLEASE WAIT FOR AN ANALYST/MODERATOR TO GIVE YOU INSTRUCTIONS***
__________________
Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!! The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!!
|
|
|
|
|
12-07-2005, 09:25 AM
|
#18 (permalink) |
|
Registered User
Join Date: Feb 2005
Posts: 30
OS: Win XP Home
|
I think Smitrem removed the spyware. Seen running Smitrem in Safe Mode i have not received any message from Windows saying that my computer is infected.
The log created by smitRem: smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [version 5.1.2600] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! spyaxe uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ 1024 dir msvol.tlb ld****.tmp mssearchnet.exe ncompat.tlb nvctrl.exe mscornet.exe hp***.tmp ~~~ Icons in System32 ~~~ ts.ico ot.ico ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 924 'explorer.exe' Killing PID 924 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! :) The Ewido log: --------------------------------------------------------- ewido security suite - Scanningsrapport --------------------------------------------------------- + Oprettet den: 16:23:02, 07-12-2005 + Rapport-Checksum: 66316833 + Scanningsresultat: C:\Documents and Settings\Kristian Milo Hauge\Cookies\kristian milo hauge@com[2].txt -> Spyware.Cookie.Com : Renset med backup ::Rapport **** The Panda ActiveScan report: Incident Status Location Adware:adware/securityerror Not desinfected C:\Documents and Settings\Kristian Milo Hauge\Foretrukne\Antivirus Test Online.url Adware:adware/sidesearch Not desinfected C:\PROGRAMMER\Lycos Spyware:spyware/new.net Not desinfected C:\PROGRAMMER\NewDotNet Adware:adware/quicksearch Not desinfected C:\PROGRAMMER\QuickSearch Adware:adware/elitebar Not desinfected C:\Documents and Settings\Kristian Milo Hauge\Foretrukne\Finances & Business Adware:adware/ist.istbar Not desinfected C:\PROGRAMMER\FLLES FILER\Totem Shared Adware:adware/antivirus-gold Not desinfected Windows Registry Adware:Adware/SecurityError Not desinfected C:\Documents and Settings\Kristian Milo Hauge\Lokale indstillinger\Temporary Internet Files\Content.IE5\OFRVASHD\sec1-adls[1] Adware:Adware/ISearch Not desinfected C:\hjt\backups\backup-20050220-223212-619.inf Adware:Adware/EliteBar Not desinfected C:\WINDOWS\blocklist.reg Adware:Adware/EliteBar Not desinfected C:\WINDOWS\system32\bhosave.dat The HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 17:22:46, on 07-12-2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\Brmfrmps.exe C:\Programmer\ewido\security suite\ewidoctrl.exe c:\programmer\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\htpatch.exe C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\Dit.exe C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\Programmer\Browser mouse\1.1\mouse32a.exe C:\WINDOWS\DitExp.exe C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe C:\WINDOWS\SOUNDMAN.EXE c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\svchost.exe C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\System32\ctfmon.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Programmer\Messenger\msmsgs.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\Programmer\Internet Explorer\iexplore.exe C:\hjt\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Programmer\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing) O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [PCMService] C:\Programmer\Medion Home CinemaXL\PowerCinema\PCMService.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Programmer\Browser mouse\1.1\mouse32a.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mmtask] "C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Eyetide Launcher.lnk = C:\Programmer\Eyetide Media\Eyetide Viewer\EyetideController.exe O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\programmer\newdotnet\newdotnet6_98.dll' missing O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
|
|
|
12-07-2005, 12:11 PM
|
#19 (permalink) |
|
Assistant Manager, Microsoft Support
Join Date: Jan 2005
Location: Six-burgh, Pennsylvania
Posts: 14,142
OS: 98SE/WinXP Home/WinXP Pro/Vista/Windows 7
|
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.
Download WinsockFix and unzip it. Then double-click on it to run it. Go to My Computer >Tools >View >Folder Options tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep). Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: NewDotNet Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) O3 - Toolbar: &EyeTideBar - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - C:\Programmer\Eyetide Media\Eyetide Viewer\Toolbar\ETBar.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing) O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing) O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) Please remember to close all other windows, including browsers then click Fix checked. Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\PROGRA~1\NEWDOT~1\ Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: *Click "Options..." *Move the arrow down to "Custom CleanUp!" *Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files [X]Scan local drives for temporary files (Please uncheck this option) Cleanup! All Users Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. Empty your Recycle Bin. Reboot your System in normal mode. Please post a fresh Hijack This log so that we can check if your system is clean.
__________________
Compare NOD32 to your current antivirus and anti-spyware solution, HERE How to back up and restore the registry in Windows XP and Windows Vista Or Windows 7 How to back up and restore the registry in Windows 98/ ME / NT 4.0 / 2000 I DO NOT ACCEPT EMAILS AND WILL NOT REPLY TO THEM !!!!! TSF DOES NOT SUPPORT ASSISTANCE THROUGH EMAIL OR PRIVATE MESSAGES, PLEASE KEEP ALL QUESTIONS IN THE OPEN FORUM The Pittsburgh Steelers - 6 X Superbowl Champions !!!!!!! The Pittsburgh Penguins - 2009 Stanley Cup Champions !!!!!!!
|
|
|
|
|
12-07-2005, 02:25 PM
|
#20 (permalink) |
|
Registered User
Join Date: Feb 2005
Posts: 30
OS: Win XP Home
|
The new log file created by HijackThis looks like this:
Logfile of HijackThis v1.99.1 Scan saved at 22:29:21, on 07-12-2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\Brmfrmps.exe C:\Programmer\ewido\security suite\ewidoctrl.exe c:\programmer\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\htpatch.exe C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\Dit.exe C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\Programmer\Browser mouse\1.1\mouse32a.exe C:\WINDOWS\DitExp.exe C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmer\MSN Messenger\MsnMsgr.Exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Programmer\Messenger\msmsgs.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\System32\wuauclt.exe C:\hjt\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [PCMService] C:\Programmer\Medion Home CinemaXL\PowerCinema\PCMService.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Programmer\Browser mouse\1.1\mouse32a.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mmtask] "C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Eyetide Launcher.lnk = C:\Programmer\Eyetide Media\Eyetide Viewer\EyetideController.exe O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
|
|
| Thread Tools | |
|
|
