Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hi all! Could you pls help me my pc iss invated by viruses

Started by paperone , Nov 11 2006 09:52 AM

  • Please log in to reply

#1
paperone
Posted 11 November 2006 - 09:52 AM

paperone

    Member

  • Member
  • PipPip
  • 46 posts
Hi all and thanks for helping me: :blink:

My problem is this. After I had a realy bad pc crash where everything over night had disapeared from my computer I riinstalled the system. And for a cupple of days it worked super. Now it started to freeze and I tried it all Ewido, adaware, CW shredder... the works. My own antivirus which is Mc afee did not find anything.

Ifound 4 malware:

MSwinup.exe
CWS.loadadv
Tracking.Cooky.Revenue
Proxy.Ranky

With ewido I got writ of tracking cooky but ewido couldnt delete Proxy.ranky or MSwinup? How can I clear my system of these malware?

Hear is the logfile from ewido:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:44:56 2006-11-11

+ Scan result:



C:\RECYCLER\S-1-5-21-1960408961-1482476501-725345543-1003\Dc1.exe -> Not-A-Virus.Hacktool.Crack : Cleaned.
D:\D-load\Ewido Anti-Spyware 4\Patch.exe -> Not-A-Virus.Hacktool.Crack : Cleaned.
C:\quarantine\winsvcup.exe.Vir -> Proxy.Ranky : Error during cleaning.
C:\quarantine\winupsvc.exe.Vir -> Proxy.Ranky : Error during cleaning.


::Report end

---------------------------------------------------------------------------------------------------------------------------------------------------
Here is the Hijackthis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 18:15:11, on 2006-11-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Network Associates\VirusScan\SHSTAT.EXE
C:\Program\Network Associates\Common Framework\UpdaterUI.exe
C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe
C:\Program\Java\jre1.5.0_09\bin\jusched.exe
C:\Program\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\Program\Network Associates\Common Framework\FrameworkService.exe
C:\Program\Network Associates\VirusScan\Mcshield.exe
C:\Program\Network Associates\VirusScan\VsTskMgr.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\Spybot - Search & Destroy\SpybotSD.exe
C:\Program\Mozilla Firefox\firefox.exe
D:\D-load\Programmi utili\vecchi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program\Delade filer\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [IMSCMig] C:\Program\DELADE~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program\Delade filer\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program\Delade filer\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\Program\DELADE~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (kopia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (kopia 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Snabbstart för Microsoft Office OneNote 2003.lnk = C:\Program\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ladda ner Alla med NetXfer - C:\Program\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Ladda ner med NetXfer - C:\Program\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\VsTskMgr.exe




I appriciate all help :whistling:

regards

paperone :

Edited by paperone, 11 November 2006 - 11:18 AM.

  • 0

Advertisements

#2
loophole
Posted 11 November 2006 - 04:27 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
hI :whistling:

It looks like something else already dealt with those and renamed them and put them in a quarantine folder. Try browsing to this folder C:\quarantine and deleting everything in it then rescan with ewido and see what it finds
  • 0

#3
paperone
Posted 12 November 2006 - 04:47 AM

paperone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
THX a lot I try that and get back to ya.

regards

paperone :whistling: :help: :blink: great service as always! YOU PPL ROCK :)

Edited by paperone, 12 November 2006 - 04:48 AM.

  • 0

#4
paperone
Posted 12 November 2006 - 07:06 AM

paperone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
:) :blink: :help: <i dont get it ? What you told me was right and I deleted in the quarantine folder. I did all the scans again and the system should be clear. Well it still freezes sometimes not as often as before, but it does. Here I send you the logfiles of the scans i did incl. adaware, ewido, trendmicro and hijack...

THX for helping me!
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
Created at: 12:59:34 2006-11-12

+ Scan result:



Nothing found.



::Report end
--------------------------------------------------------------------------------------------------

Ad-Aware SE Build 1.06r1
Logfile Created on:den 12 november 2006 13:00:14
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R131 09-11-2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»




Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Run scan as background process (Low CPU usage)
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2006-11-12 13:00:14 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 564
ThreadCreationTime : 2006-11-12 11:20:51
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 2006-11-12 11:21:14
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 2006-11-12 11:21:17
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 2006-11-12 11:21:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Tjänst- och styrenhetsprogram
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 2006-11-12 11:21:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 880
ThreadCreationTime : 2006-11-12 11:21:17
BasePriority : Normal
FileVersion : 6.14.10.4146
ProductVersion : 6.14.10.4146
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 2006-11-12 11:21:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1012
ThreadCreationTime : 2006-11-12 11:21:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1108
ThreadCreationTime : 2006-11-12 11:21:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1152
ThreadCreationTime : 2006-11-12 11:21:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1272
ThreadCreationTime : 2006-11-12 11:21:18
BasePriority : Normal
FileVersion : 6.14.10.4146
ProductVersion : 6.14.10.4146
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1300
ThreadCreationTime : 2006-11-12 11:21:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1572
ThreadCreationTime : 2006-11-12 11:21:19
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Utforskaren
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : EXPLORER.EXE

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1728
ThreadCreationTime : 2006-11-12 11:21:20
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [shstat.exe]
FilePath : C:\Program\Network Associates\VirusScan\
ProcessID : 1840
ThreadCreationTime : 2006-11-12 11:21:21
BasePriority : Normal


#:16 [updaterui.exe]
FilePath : C:\Program\Network Associates\Common Framework\
ProcessID : 1848
ThreadCreationTime : 2006-11-12 11:21:21
BasePriority : Normal
FileVersion : 3.5.0.412
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:17 [tbmon.exe]
FilePath : C:\Program\Delade filer\Network Associates\TalkBack\
ProcessID : 1856
ThreadCreationTime : 2006-11-12 11:21:21
BasePriority : Normal
FileVersion : 2.0.275.0
ProductVersion : 2.0.275.0
ProductName : TalkBack Monitor
CompanyName : Network Associates, Inc.
FileDescription : TalkBack Monitor
InternalName : TBMON
LegalCopyright : ©2003 Networks Associates Technology, Inc. All Rights Reserved.
LegalTrademarks : McAfee & Network Associates are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. © 2003 Network Associates Technology, Inc. All Rights Reserved.
OriginalFilename : TBMON.EXE

#:18 [jusched.exe]
FilePath : C:\Program\Java\jre1.5.0_09\bin\
ProcessID : 2012
ThreadCreationTime : 2006-11-12 11:21:21
BasePriority : Normal


#:19 [cli.exe]
FilePath : C:\Program\ATI Technologies\ATI.ACE\
ProcessID : 2044
ThreadCreationTime : 2006-11-12 11:21:22
BasePriority : Normal


#:20 [e_s10ic2.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 252
ThreadCreationTime : 2006-11-12 11:21:22
BasePriority : Normal
FileVersion : 3.05
ProductVersion : 3.05
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S10IC2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2002
OriginalFilename : E_S10IC2.EXE

#:21 [acrotray.exe]
FilePath : C:\Program\Adobe\Acrobat 7.0\Distillr\
ProcessID : 260
ThreadCreationTime : 2006-11-12 11:21:22
BasePriority : Normal
FileVersion : 6.0.1.2004121400
ProductVersion : 6.0.1.2004121400
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2004 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:22 [lvcomsx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 316
ThreadCreationTime : 2006-11-12 11:21:22
BasePriority : Normal
FileVersion : 8.4.7.1036
ProductVersion : 8.4.7.1036
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2005 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:23 [logitray.exe]
FilePath : C:\Program\Logitech\Video\
ProcessID : 452
ThreadCreationTime : 2006-11-12 11:21:23
BasePriority : Normal
FileVersion : 8.4.7.1034
ProductVersion : 8.4.7.1034
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2005 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:24 [zlclient.exe]
FilePath : C:\Program\Zone Labs\ZoneAlarm\
ProcessID : 460
ThreadCreationTime : 2006-11-12 11:21:23
BasePriority : Normal
FileVersion : 5.1.011.000
ProductVersion : 5.1.011.000
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : zlclient.exe

#:25 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 472
ThreadCreationTime : 2006-11-12 11:21:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:26 [fxsvr2.exe]
FilePath : C:\Program\Logitech\Video\
ProcessID : 780
ThreadCreationTime : 2006-11-12 11:21:24
BasePriority : Normal
FileVersion : 8.4.7.1034
ProductVersion : 8.4.7.1034
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : QuickCam Framework Server
InternalName : FxSvr.EXE
LegalCopyright : © 1996-2005 Logitech. All rights reserved.
OriginalFilename : FxSvr.EXE

#:27 [eebsvc.exe]
FilePath : C:\Program\Delade filer\EPSON\EBAPI\
ProcessID : 1068
ThreadCreationTime : 2006-11-12 11:21:27
BasePriority : Normal


#:28 [sagent2.exe]
FilePath : C:\Program\Delade filer\EPSON\EBAPI\
ProcessID : 1432
ThreadCreationTime : 2006-11-12 11:21:28
BasePriority : Normal
FileVersion : 2, 2, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe

#:29 [frameworkservice.exe]
FilePath : C:\Program\Network Associates\Common Framework\
ProcessID : 1588
ThreadCreationTime : 2006-11-12 11:21:30
BasePriority : Normal
FileVersion : 3.5.0.412
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:30 [mcshield.exe]
FilePath : C:\Program\Network Associates\VirusScan\
ProcessID : 1816
ThreadCreationTime : 2006-11-12 11:21:30
BasePriority : High


#:31 [vstskmgr.exe]
FilePath : C:\Program\Network Associates\VirusScan\
ProcessID : 1960
ThreadCreationTime : 2006-11-12 11:21:33
BasePriority : Normal


#:32 [naprdmgr.exe]
FilePath : C:\Program\NETWOR~1\COMMON~1\
ProcessID : 2020
ThreadCreationTime : 2006-11-12 11:21:33
BasePriority : Normal
FileVersion : 3.5.0.412
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe

#:33 [mdm.exe]
FilePath : C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\
ProcessID : 2092
ThreadCreationTime : 2006-11-12 11:21:34
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:34 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2204
ThreadCreationTime : 2006-11-12 11:21:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:35 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2304
ThreadCreationTime : 2006-11-12 11:21:34
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:36 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 2344
ThreadCreationTime : 2006-11-12 11:21:35
BasePriority : Normal
FileVersion : 5.1.011.000
ProductVersion : 5.1.011.000
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe

#:37 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3000
ThreadCreationTime : 2006-11-12 11:21:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:38 [cli.exe]
FilePath : C:\Program\ATI Technologies\ATI.ACE\
ProcessID : 3956
ThreadCreationTime : 2006-11-12 11:22:24
BasePriority : Normal


#:39 [cli.exe]
FilePath : C:\Program\ATI Technologies\ATI.ACE\
ProcessID : 3964
ThreadCreationTime : 2006-11-12 11:22:24
BasePriority : Normal


#:40 [ad-aware.exe]
FilePath : C:\Program\Lavasoft\Ad-Aware SE Personal\
ProcessID : 836
ThreadCreationTime : 2006-11-12 11:59:52
BasePriority : Idle
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


13:08:27 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:13.547
Objects scanned:148674
Objects identified:0
Objects ignored:0
New critical objects:0


---------------------------------------------------------------------------------------------------------------
Trendmicro online scan:

Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability.
There is currently no more information available.

---------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:45:20, on 2006-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Network Associates\VirusScan\SHSTAT.EXE
C:\Program\Network Associates\Common Framework\UpdaterUI.exe
C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe
C:\Program\Java\jre1.5.0_09\bin\jusched.exe
C:\Program\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Logitech\Video\LogiTray.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\Program\Network Associates\Common Framework\FrameworkService.exe
C:\Program\Network Associates\VirusScan\Mcshield.exe
C:\Program\Network Associates\VirusScan\VsTskMgr.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
D:\D-load\Programmi utili\vecchi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program\Delade filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program\Delade filer\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [IMSCMig] C:\Program\DELADE~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program\Delade filer\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program\Delade filer\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\Program\DELADE~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (kopia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (kopia 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Snabbstart för Microsoft Office OneNote 2003.lnk = C:\Program\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ladda ner Alla med NetXfer - C:\Program\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Ladda ner med NetXfer - C:\Program\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program\Delade filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Again thx for your time and your help hope we can resolve this :whistling: I think it is the malware called MSwinup.exe which in someway is spooking around in my system and cousing the freezes.[color=#CC0000][size=3]

Have a nice day

regards

paperone
  • 0

#5
loophole
Posted 12 November 2006 - 03:08 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Not much in any of the scans, can you try this one

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

  • 0

#6
paperone
Posted 13 November 2006 - 11:35 AM

paperone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hi again,

THX i did that and there where not found any malware. I think my system should be fine now since it hasnt been continueing to freeze. I just have one question why does my pc always start with doing the CHKDSK protocol over and over again.

THX for all help and for the quick respons.

regards

paperone
  • 0

#7
loophole
Posted 16 November 2006 - 11:57 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi sorry for the delayed response.

That usually means that there are errors on the hard drive but isn't set to fix them

Try this

Click start>>>> run>>> then type cmd and click ok
At the command prompt type chkdsk /r and hit enter
A message will appear asking if you want to chek the drive at the next reboot, type Y and press enter, then reboot and let it run, let me know if this solves the problem
  • 0

#8
paperone
Posted 16 November 2006 - 02:17 PM

paperone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
:whistling:

THX I ll try that!

I get back to you as soon as I can :blink:
  • 0

#9
loophole
Posted 17 November 2006 - 06:11 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
OK :whistling:
  • 0

#10
paperone
Posted 18 November 2006 - 03:24 AM

paperone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
:whistling:

No it did not help :blink: I tried it all now but chkdsk always starts at the beginning. And the pc sometimes still freezes as well. I even opend it up and cleaned all the parts inside like the graphikcard that helped a little i think but thats it.

Anyway thx for your help and effort! I guess its time to buy a new machine soon.

regards

paperone
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP