HijackThis Log - applications stop loading

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

HijackThis Log - applications stop loading - "lack of system reso

Options

DHAR3070 View Member Profile	Apr 11 2006, 04:09 PM Post #1
New Member Posts: 6 OS: XP	Hi, (1st 2 paras are history, 3rd para is current problem) I have recently been having problems with launching applications - after the computer is on for a while, I got an error message saying there are not enough system resources to launch the application. This problem would go after restarting (then would come back again after the PC was on a while). Also, I couldn't open Task Manager. The Microsoft anti-virus tool idenitified Alcra.B on my system, and supposedly got rid of it. However the problem started recurring very soon. I ran Ad-Aware, which identified Win32.Downloader. It got rid of it eventually, after I switched off System Restore. When Ad-Aware didn't find anything after I scanned again, I switched System Restore back on, and things seemed to be fixed. However, the problem has come back again. I ran cwshredder, and my antivirus (AVG, with updated definitions) has found nothing. In addition, Ad-Aware also finds nothing - however, given my previous problems, and also the "lack of system resources" error message (which in the past I never got), I believe there is some form of malicious software on my system. My HijackThis log is posted below. Logfile of HijackThis v1.99.1 Scan saved at 23:44:12, on 11/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Belkin Wireless Network Utility\WLService.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe C:\Belkin Wireless Network Utility\WLanCfgG.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\InfoPenMSN\Pro\InfoPenIM.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebreastcancersite.com/cgi-bin...Component.0.0.0 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InfoPenMSN] C:\Program Files\InfoPenMSN\Pro\InfoPenIM.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095350109875 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133467306140 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://images.leeds.ac.uk/ecwplugins/ncs.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Belkin Wireless Network Utility\WLService.exe O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe Thanks a lot for taking the time to read this. This post has been edited by DHAR3070: Apr 11 2006, 04:16 PM

don77 View Member Profile	Apr 15 2006, 07:34 AM Post #2
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98	Hi and welcome DHAR3070 Sorry for the delay, Lets have you run Ewido and post back a fresh HJT log please, Please download ewido security suite it is a trial version of the program. Install ewido security suite When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Launch ewido, there should be an icon on your desktop double-click it. The program will now go to the main screen You will need to update ewido to the latest definition files. On the left hand side of the main screen click update Then click on Start Update The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update ewido. ewido manual updates Once the updates are installed do the following: Click on scanner Click on Complete System Scan and the scan will begin. While the scan is in progress you will be prompted to clean files, click OK When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. Once the scan has completed, there will be a button located on the bottom of the screen named Save report Click Save report. Save the report .txt file to your desktop. Now close ewido security suite. So in recap please post the Ewido log and a fresh HJT log please

DHAR3070 View Member Profile	Apr 15 2006, 01:45 PM Post #3
New Member Posts: 6 OS: XP	Ewido log: --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 21:14:44, 15/04/2006 + Report-Checksum: 3A690E34 + Scan result: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup C:\Documents and Settings\Family\Cookies\family@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Family\Cookies\family@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ads15.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@adviva[1].txt -> TrackingCookie.Adviva : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@cz8.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflogjdpgkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflosncjwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@hswmedia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@powellsbooks.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@sonycorporate.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@srv1.ad.adition[1].txt -> TrackingCookie.Adition : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyapdjigoaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup ::Report End --------------------------------------------------------------------- HiJack This log: Logfile of HijackThis v1.99.1 Scan saved at 21:17:49, on 15/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Belkin Wireless Network Utility\WLService.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe C:\Belkin Wireless Network Utility\WLanCfgG.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\InfoPenMSN\Pro\InfoPenIM.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\imapi.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebreastcancersite.com/cgi-bin...Component.0.0.0 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InfoPenMSN] C:\Program Files\InfoPenMSN\Pro\InfoPenIM.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095350109875 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133467306140 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://images.leeds.ac.uk/ecwplugins/ncs.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Belkin Wireless Network Utility\WLService.exe O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe Thanks, Ankush.

don77 View Member Profile	Apr 16 2006, 08:31 AM Post #4
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98	Nothing malious showing there, Lets have a look at a uninstall list, Start HijackThis Click on the Config button Click on the Misc Tools button Click on the Open Uninstall Manager button. You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,

DHAR3070 View Member Profile	Apr 16 2006, 12:53 PM Post #5
New Member Posts: 6 OS: XP	The problem is still present - was watching video using Windows Media Player, halfway through just stopped playing - "insufficient quota to complete process". Not really sure what the list below is about, but if this helps, I suspect that a file from BearShare could be responsible for the problem, and as a result I haven't used it for a month (although strangely, the add/remove programs list says I havent used it since October). AC3Filter (remove only) Ad-Aware SE Personal Adobe Download Manager 1.2 (Remove Only) Adobe Reader 6.0.1 AVG Free Edition BearShare Belkin 54g USB Network Adapter Belkin 54g USB Network Adapter BitTorrent 4.0.4 Call of Duty Call of Duty - United Offensive Call of Duty® 2 Clinical Evidence Issue 12 (December 2004) Cool Edit Pro 2.0 DC++ 0.674 DivX DivX Player Dystopia ewido anti-malware Far Cry FEAR SP Demo GameSpy Arcade Google Toolbar for Internet Explorer Grand Theft Auto Vice City GSpot Codec Information Appliance Half-Life® 2 HighMAT Extension to Microsoft Windows XP CD Writing Wizard HijackThis 1.99.1 Image Web Server IE Plugins 1,7,1,43 InfoPenMSN-Pro InterActual Player LiveUpdate BVRP Software Macromedia Dreamweaver MX 2004 Macromedia Extension Manager Macromedia Flash Player 8 Macromedia Shockwave Player Mafia Demo Medal of Honor Allied Assault Medal of Honor Allied Assault™ Breakthrough Medal of Honor Allied Assault™ Spearhead Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB886906) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Data Access Components KB870669 Microsoft Office XP Professional Microsoft Windows Journal Viewer Microsoft Works 2000 Microsoft Works 7.0 mobile PhoneTools Nero Suite NVIDIA Drivers Ogg Converter OpenMG Limited Patch 4.1-05-14-24-01 OpenMG Secure Module 4.1.00 PowerDVD Quake III Arena QuickTime RealPlayer Realtek AC'97 Audio screensaver_char_1024 screensaver_rain_1024 Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) SiS VGA Utilities SlideVision SonicStage 3.1 Sony Net MD Help Steam Tom Clancy's Splinter Cell Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB910437) USB Wireless Keyboard Driver Winamp (remove only) Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WinRAR archiver

don77 View Member Profile	Apr 17 2006, 10:46 AM Post #6
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98	I would strongly suggest removing bearshare, Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post.

DHAR3070 View Member Profile	Apr 17 2006, 07:48 PM Post #7
New Member Posts: 6 OS: XP	Below are the results of the Kaspersky scan. Scan Statistics: Total number of scanned objects: 93733 Number of viruses found: 1 Number of infected objects: 3 Number of suspicious objects: 0 Duration of the scan process: 01:39:15 Infected Object Name / Virus Name / Last Action C:\Program Files\BitTorrent\uninstall.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped C:\Program Files\BitTorrent\uninstall.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped C:\Program Files\BitTorrent\uninstall.exe NSIS: infected - 2 skipped Scan process completed. ----------------------------------------------- I checked the official BitTorrent website, they say theres no virus. Plus I never launched the uninstall program. Nevertheless I uninstalled BitTorrent and BearShare using the Add/Remove program feature in Control Panel. Rebooted, scanned the system again with Kapersky. Didn't have a problem opening multiple applications, although the computer is still slower than it should be at times (but this I can ignore). Results of the 2nd scan are below. Below these results I have added another HiJack This log, in case it helps. ----------- Scan Statistics: Total number of scanned objects: 94060 Number of viruses found: 1 Number of infected objects: 3 Number of suspicious objects: 0 Duration of the scan process: 01:42:51 Infected Object Name / Virus Name / Last Action C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP30\A0008801.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP30\A0008801.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP30\A0008801.exe NSIS: infected - 2 skipped Scan process completed. --------- I understand this has something to do with System Restore, perhaps I should have switched it off before uninstalling Bearshare and BitTorrent? Heres the HiJack This log. --------- Logfile of HijackThis v1.99.1 Scan saved at 03:15:36, on 18/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Belkin Wireless Network Utility\WLService.exe C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe C:\Belkin Wireless Network Utility\WLanCfgG.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\InfoPenMSN\Pro\InfoPenIM.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebreastcancersite.com/cgi-bin...Component.0.0.0 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InfoPenMSN] C:\Program Files\InfoPenMSN\Pro\InfoPenIM.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095350109875 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133467306140 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://images.leeds.ac.uk/ecwplugins/ncs.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Belkin Wireless Network Utility\WLService.exe O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

don77 View Member Profile	Apr 17 2006, 09:53 PM Post #8
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98	Good move Go ahead and disable system restore then enable it again that will flush out the infected restore points, After that check Ewido for updates, Run a scan with it save the log when it has completed and post it back here for me please

DHAR3070 View Member Profile	Apr 18 2006, 04:57 AM Post #9
New Member Posts: 6 OS: XP	Disabled then re-enabled System Restore. Ewido log below. Will leave PC on for a while, I'll let you know if there are any signs of remaining infection, but from the looks of the log below there doesn't seem to be any malware does there? --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 12:25:11, 18/04/2006 + Report-Checksum: A533EC09 + Scan result: C:\Documents and Settings\Owner\Cookies\owner@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@adviva[1].txt -> TrackingCookie.Adviva : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup ::Report End

don77 View Member Profile	Apr 18 2006, 08:07 AM Post #10
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98	Sure looks good, let me know if there are anymore problems