Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.
     
 
 Closed TopicStart new topic
Hijackthis Log posted, Please help [CLOSED]
zlpmicrobezlp
post Mar 7 2006, 05:02 AM
Post #1


Member
**
Posts: 17
OS: Windows XP
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e-plus.cc/search.php?aff_id=46&keyword=%s
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [psp1resx] C:\WINDOWS\System32\psp1resx.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [msrecr40] C:\WINDOWS\System32\msrecr40.exe
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
O4 - HKCU\..\Run: [197_150_ni_2] C:\WINDOWS\System32\197_150_ni_2.exe
O4 - HKCU\..\Run: [198_150_ni_7] "C:\WINDOWS\198_150_ni_7.exe"
O4 - HKCU\..\Run: [acctres] "C:\WINDOWS\system32\acctres.exe"
O4 - HKCU\..\Run: [kbdhe] "C:\WINDOWS\system32\kbdhe.exe"
O4 - HKCU\..\Run: [odbctrac] "C:\WINDOWS\system32\odbctrac.exe"
O4 - HKCU\..\Run: [dciman32] "C:\WINDOWS\system32\dciman32.exe"
O4 - HKCU\..\Run: [ds16gt] "C:\WINDOWS\system32\ds16gt.exe"
O4 - HKCU\..\Run: [usbmon] "C:\WINDOWS\system32\usbmon.exe"
O4 - HKCU\..\Run: [wmsdmoe] "C:\WINDOWS\system32\wmsdmoe.exe"
O4 - HKCU\..\Run: [kbdhe319] "C:\WINDOWS\system32\kbdhe319.exe"
O4 - HKCU\..\Run: [qosname] "C:\WINDOWS\system32\qosname.exe"
O4 - HKCU\..\Run: [wmvdmoe] "C:\WINDOWS\system32\wmvdmoe.exe"
O4 - HKCU\..\Run: [hccutils] "C:\WINDOWS\system32\hccutils.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: ssdpapi - Unknown owner - C:\WINDOWS\system32\ssdpapi.exe (file missing)
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Go to the top of the page
 
+Quote Post
Armodeluxe
post Mar 7 2006, 07:29 AM
Post #2


Member 2k
Group Icon
Posts: 2,744
OS: Windows XP SP2
Hi zlpmicrobezlp,

The top portion of your log with the operation system info is missing, make sure that section is included when you post a new log after doing the below:

Please download ATF Cleaner by Atribune. Do not run it yet.

Please download Ewido Security Suite (do NOT run it yet!)
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed
  • After the updates are installed, exit Ewido
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Once in Safe Mode:
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Open Ewido
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido

Reboot back to normal mode and please post a new HijackThis log along with the log from Ewido.
Go to the top of the page
 
+Quote Post
zlpmicrobezlp
post Mar 14 2006, 01:21 AM
Post #3


Member
**
Posts: 17
OS: Windows XP
Logfile of HijackThis v1.99.1
Scan saved at 11:17:27 PM, on 3/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\hccutils.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e-plus.cc/search.php?aff_id=46&keyword=%s
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [psp1resx] C:\WINDOWS\System32\psp1resx.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msrecr40] C:\WINDOWS\System32\msrecr40.exe
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
O4 - HKCU\..\Run: [197_150_ni_2] C:\WINDOWS\System32\197_150_ni_2.exe
O4 - HKCU\..\Run: [198_150_ni_7] "C:\WINDOWS\198_150_ni_7.exe"
O4 - HKCU\..\Run: [acctres] "C:\WINDOWS\system32\acctres.exe"
O4 - HKCU\..\Run: [kbdhe] "C:\WINDOWS\system32\kbdhe.exe"
O4 - HKCU\..\Run: [odbctrac] "C:\WINDOWS\system32\odbctrac.exe"
O4 - HKCU\..\Run: [dciman32] "C:\WINDOWS\system32\dciman32.exe"
O4 - HKCU\..\Run: [ds16gt] "C:\WINDOWS\system32\ds16gt.exe"
O4 - HKCU\..\Run: [usbmon] "C:\WINDOWS\system32\usbmon.exe"
O4 - HKCU\..\Run: [wmsdmoe] "C:\WINDOWS\system32\wmsdmoe.exe"
O4 - HKCU\..\Run: [kbdhe319] "C:\WINDOWS\system32\kbdhe319.exe"
O4 - HKCU\..\Run: [qosname] "C:\WINDOWS\system32\qosname.exe"
O4 - HKCU\..\Run: [wmvdmoe] "C:\WINDOWS\system32\wmvdmoe.exe"
O4 - HKCU\..\Run: [hccutils] "C:\WINDOWS\system32\hccutils.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: ssdpapi - Unknown owner - C:\WINDOWS\system32\ssdpapi.exe (file missing)
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:06:23 PM, 3/13/2006
+ Report-Checksum: 112B1EBE

+ Scan result:

HKLM\SOFTWARE\Classes\SigningModule.SigningModule -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CLSID -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CurVer -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\SigningModule.SigningModule.1 -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\FENX -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NavExcel Search Toolbar -> Adware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\WildMedia -> Adware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WildMedia\LicenseStores -> Adware.MidAddle : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\Default User\t1u6yey8.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@gator[1].txt -> TrackingCookie.Gator : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@mediatrack.revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\Internet Explorer\jxfehvlv.exe -> Downloader.WinShow.z : Cleaned with backup
C:\Program Files\Internet Explorer\zppimwsu.exe -> Downloader.WinShow.z : Cleaned with backup
C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll -> Adware.NavExcel : Cleaned with backup
C:\Q250204.exe.tcf -> Downloader.WinShow.r : Cleaned with backup
C:\WINDOWS\198_150_ni_7.exe.tcf -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned with backup
C:\WINDOWS\image.new -> Downloader.WinShow.ai : Cleaned with backup
C:\WINDOWS\msxmidi.exe -> Downloader.WinShow.p : Cleaned with backup
C:\WINDOWS\nxstinst.exe.tcf -> Adware.NavExcel : Cleaned with backup
C:\WINDOWS\remover.dll.tcf -> Adware.NavExcel : Cleaned with backup
C:\WINDOWS\sysqv\sysqv.dll.new -> Downloader.WinShow.ah : Cleaned with backup
C:\WINDOWS\system32\0021-bdl94126.EXE -> Downloader.VB.ca : Cleaned with backup
C:\WINDOWS\system32\198_150_ni_7.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\acctres.exe.tcf -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\bs5-nt15v.exe -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\system32\CS4P028.exe.tcf -> Downloader.Small.go : Cleaned with backup
C:\WINDOWS\system32\dciman32.exe.tcf -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\ds16gt.exe.tcf -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\kbdhe.exe.tcf -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\kbdhe319.exe.tcf -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\odbctrac.exe.tcf -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\P2P Networking -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\Cache\Database -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe -> Adware.P2PNetworking : Cleaned with backup
C:\WINDOWS\system32\ssdpapi.exe.tcf -> Downloader.Reqlook.d : Cleaned with backup
C:\WINDOWS\system32\test.bmp -> Downloader.Reqlook.d : Cleaned with backup
C:\WINDOWS\system32\usbmon.exe.tcf -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\system32\wmsdmoe.exe.tcf -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\xFYGJCMIKUP.exe -> Downloader.Agent.am : Cleaned with backup
C:\WINDOWS\xMXUYIHOOHT.exe -> Downloader.Agent.am : Cleaned with backup


::Report End
Go to the top of the page
 
+Quote Post
Armodeluxe
post Mar 14 2006, 08:05 AM
Post #4


Member 2k
Group Icon
Posts: 2,744
OS: Windows XP SP2
Open HijackThis and click Scan. Put a check next to these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://e-plus.cc/search.php?aff_id=46&keyword=%s
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [psp1resx] C:\WINDOWS\System32\psp1resx.exe
O4 - HKCU\..\Run: [msrecr40] C:\WINDOWS\System32\msrecr40.exe
O4 - HKCU\..\Run: [196_150_ni] C:\WINDOWS\System32\196_150_ni.exe
O4 - HKCU\..\Run: [197_150_ni_2] C:\WINDOWS\System32\197_150_ni_2.exe
O4 - HKCU\..\Run: [198_150_ni_7] "C:\WINDOWS\198_150_ni_7.exe"
O4 - HKCU\..\Run: [acctres] "C:\WINDOWS\system32\acctres.exe"
O4 - HKCU\..\Run: [kbdhe] "C:\WINDOWS\system32\kbdhe.exe"
O4 - HKCU\..\Run: [odbctrac] "C:\WINDOWS\system32\odbctrac.exe"
O4 - HKCU\..\Run: [dciman32] "C:\WINDOWS\system32\dciman32.exe"
O4 - HKCU\..\Run: [ds16gt] "C:\WINDOWS\system32\ds16gt.exe"
O4 - HKCU\..\Run: [usbmon] "C:\WINDOWS\system32\usbmon.exe"
O4 - HKCU\..\Run: [wmsdmoe] "C:\WINDOWS\system32\wmsdmoe.exe"
O4 - HKCU\..\Run: [kbdhe319] "C:\WINDOWS\system32\kbdhe319.exe"
O4 - HKCU\..\Run: [qosname] "C:\WINDOWS\system32\qosname.exe"
O4 - HKCU\..\Run: [wmvdmoe] "C:\WINDOWS\system32\wmvdmoe.exe"
O4 - HKCU\..\Run: [hccutils] "C:\WINDOWS\system32\hccutils.exe"
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O23 - Service: ssdpapi - Unknown owner - C:\WINDOWS\system32\ssdpapi.exe (file missing)


Close all other windows except HijackThis and click Fix Checked.

Go to Start > Run and type: cmd

In the command window that opens tpye the following line:

sc delete ssdpapi

Hit the Enter key and then type: exit to exit the command window. Reboot when done.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a new HijackThis log.
Go to the top of the page
 
+Quote Post
Armodeluxe
post Mar 29 2006, 07:46 AM
Post #5


Member 2k
Group Icon
Posts: 2,744
OS: Windows XP SP2
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Go to the top of the page
 
+Quote Post
 

Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 
RSS Time is now: 6th January 2009 - 08:14 AM
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Powered By IP.Board © 2009  IPS, Inc.