Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

sysprotect and virtumonde

Started by AmandaK26 , May 19 2006 08:37 AM

  • Please log in to reply

#1
AmandaK26
Posted 19 May 2006 - 08:37 AM

AmandaK26

    New Member

  • Member
  • Pip
  • 1 posts
Hello....wondering if you'd be able to help me out.

I've been having frequent sysprotect pop-ups when using Internet Explorer, so I switched my browser to Firefox and am still occasionally geting the sysprotect pop-up but not as often. I consulted the malware forum for a possible correction but none have helped as of yet. I did not delete anything within the HijackThis! program so I'm thinking that it most likely why, not exactly sure though.

Anyways...what have I done the most recently(today)?

Ran Ad-aware SE which came up with Virtumonde ad-aware being located, quaratined and then "removed"
Ran the ATF cleaner
Vundo.exe program where I run it as a task and then remove vundo and restarted my computer. However,
I did not run the Vundo.exe in safe mode as of yet
I then ran an Ewido scan and saved a log (see below)
Ran Ad-aware SE again, this time no Virtumonde ad-aware located
Then HijackThis! and saved a log (see below) and didn't fix anything


Any help would be appreciated.
Thanks!






EWIDO LOG (not sure if this is necessary)
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:32:23 AM, 5/19/2006
+ Report-Checksum: 96F76C05

+ Scan result:

:mozilla.7:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Amanda\Application Data\Mozilla\Firefox\Profiles\v36j8hhf.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup


::Report End

---------------



Logfile of HijackThis v1.99.1
Scan saved at 10:35:50 AM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Amanda\Local Settings\Temporary Internet Files\Content.IE5\ZR75UJN9\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AEGIS Client.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?81e707279d0b465595bae42f5a42f5bd
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?81e707279d0b465595bae42f5a42f5bd
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102117368593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128186418812
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://weddingchanne..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photogize...geUploader3.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe



O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP