Unknown Infection [CLOSED]



#1
robert83 (Member, 15 posts)

Ok, my computer still gives me fits, won't shut down or hibernate. I did all the steps in the malware help section. Here's my HJT log. Hope something comes up. :tazz:

I also have two errors that come up every time Windows loads. I'll address that if this doesn't work.

Logfile of HijackThis v1.99.1
Scan saved at 7:53:56 PM, on 8/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\EzButton\EzButton.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\mdmprs32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Robert Harrah\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = poweredge1400sc:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [oxcj] C:\WINDOWS\oxcj.exe
O4 - HKLM\..\Run: [oizgrtvlvtre] C:\WINDOWS\System32\ubbnifb.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hlfuyzw] c:\windows\system32\zaltthe.exe r
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [dmpqxk] c:\windows\system32\wogjff.exe r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [cvfiifc] c:\windows\system32\yztzqhg.exe r
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [cdbqxxy] c:\windows\system32\ytssgyj.exe r
O4 - HKLM\..\Run: [brkxiev] c:\windows\system32\upqhxqp.exe r
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bgnztx] c:\windows\system32\uaszjjw.exe r
O4 - HKLM\..\Run: [bdsmtju] c:\windows\system32\panuxhp.exe r
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ajfcxw] c:\windows\system32\mssida.exe r
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LnkSet] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinSock Extention Manager (WsEm Srv) - Unknown owner - C:\WINDOWS\mdmprs32.exe

Edited by robert83, 02 August 2005 - 07:02 PM.


#2
Kristy (Visiting Consultant, 1,099 posts)

Hello and welcome to Geeks to Go!

+++++ Step 1 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

+++++ Step 2 +++++

Update HiJackThis
  • Open HiJackThis
  • Click Open the Misc Tools Section
  • Click Check for update online

+++++ Step 3 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have received help elsewhere or no longer need our assistance, please let us know.

#3
robert83 (Topic Starter, Member, 15 posts)

Here's the Kaspersky Scan:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, August 11, 2005 23:54:38
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/08/2005
Kaspersky Anti-Virus database records: 134746
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 64292
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 3926 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Robert Harrah\My Documents\Downloads\WarezP2P.exe/stream/data0005 Infected: Trojan-Downloader.Win32.Small.apc
C:\Documents and Settings\Robert Harrah\My Documents\Downloads\WarezP2P.exe/stream Infected: Trojan-Downloader.Win32.Small.apc
C:\Documents and Settings\Robert Harrah\My Documents\Downloads\WarezP2P.exe Infected: Trojan-Downloader.Win32.Small.apc
C:\WINDOWS\system32\drivers\df_kmd.sys Infected: Rootkit.Win32.Agent.af

Scan process completed.

Here's the other HijackThis Log:

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe After Effects 5.0
Adobe Encore DVD 1.5 Tryout
Adobe GoLive 5.0
Adobe Illustrator 9.0
Adobe InDesign
Adobe LiveMotion
Adobe Photoshop 6.0
Adobe Premiere Pro
Adobe Reader 7.0
ALPS Touch Pad Driver
America's Army
AOL Instant Messenger
ArcSoft Software Suite
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free Edition
CardRd81
CCHelp
CCScore
CD/DVD Drive Acoustic Silencer
Cda Product Service - shared component
CleanUp!
CR2
DivX
DivX Player
DVD Decrypter (Remove Only)
DVD-RAM Driver
Easy Button
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
EZ Firewall
Google Gmail Notifier
Gordian Knot Rip Pack 0.28.8
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPSFO
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
hp psc 2200 series
HP Software Update
Indeo® XP Software
Integrity Online - PureSight
InterActual Player
InterVideo WinDVD for Toshiba
iTunes
J2SE Runtime Environment 5.0 Update 1
Kaspersky On-line Scanner
Kodak EasyShare software
KSU
LimeWire PRO 4.8.1
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Works 7.0
Mozilla Firefox (1.0PR)
MSN Music Assistant
MUSICMATCH® Jukebox
Myst III: Exile
Myst IV - Revelation
Norton WMI Update
Notebook Maximizer
Notifier
OfotoXMI
OTtBP
OTtBPSDK
PCDLNCH
PConPoint v1.1
Pocket Tanks 1.00b
Quicken 2004
QuickTime
RealPlayer
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
Riven
Roxio Burn Engine
ScummVM 0.7.1
Search Basket
Security Update for Step By Step Interactive Training (KB898458)
SFR
SFR2
SMSC IrCC V5.1.3600.3 SP1
Sonic DLA
Sonic RecordNow!
Spybot - Search & Destroy 1.4
SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
TOSHIBA Access
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Fax Extension
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Management Utility
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
Touch and Launch
TouchPad On/Off Utility
Update for Windows XP (KB898461)
VCAMCEN
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
Warez P2P Client 2.6
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Service Pack 2
WinMX
WinRAR archiver
Xingtone v4.0

Hope this helps!

#4
Kristy (Visiting Consultant, 1,099 posts)

I need to see a normal HijackThis log as well.

~Kristy

#5
robert83 (Topic Starter, Member, 15 posts)

Sorry about that... Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:36:11 AM, on 8/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\mdmprs32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\EzButton\EzButton.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\rsvp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robert Harrah\My Documents\Downloads\Tools\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = poweredge1400sc:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [oxcj] C:\WINDOWS\oxcj.exe
O4 - HKLM\..\Run: [oizgrtvlvtre] C:\WINDOWS\System32\ubbnifb.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hlfuyzw] c:\windows\system32\zaltthe.exe r
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [dmpqxk] c:\windows\system32\wogjff.exe r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [cvfiifc] c:\windows\system32\yztzqhg.exe r
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [cdbqxxy] c:\windows\system32\ytssgyj.exe r
O4 - HKLM\..\Run: [brkxiev] c:\windows\system32\upqhxqp.exe r
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bgnztx] c:\windows\system32\uaszjjw.exe r
O4 - HKLM\..\Run: [bdsmtju] c:\windows\system32\panuxhp.exe r
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ajfcxw] c:\windows\system32\mssida.exe r
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LnkSet] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinSock Extention Manager (WsEm Srv) - Unknown owner - C:\WINDOWS\mdmprs32.exe

#6
Kristy (Visiting Consultant, 1,099 posts)

Hello robert83,

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save HijackThis in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix here:
http://www.noidea.us...050711214630636
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [oxcj] C:\WINDOWS\oxcj.exe
O4 - HKLM\..\Run: [oizgrtvlvtre] C:\WINDOWS\System32\ubbnifb.exe
O4 - HKLM\..\Run: [hlfuyzw] c:\windows\system32\zaltthe.exe r
O4 - HKLM\..\Run: [dmpqxk] c:\windows\system32\wogjff.exe r
O4 - HKLM\..\Run: [cvfiifc] c:\windows\system32\yztzqhg.exe r
O4 - HKLM\..\Run: [cdbqxxy] c:\windows\system32\ytssgyj.exe r
O4 - HKLM\..\Run: [brkxiev] c:\windows\system32\upqhxqp.exe r
O4 - HKLM\..\Run: [bgnztx] c:\windows\system32\uaszjjw.exe r
O4 - HKLM\..\Run: [bdsmtju] c:\windows\system32\panuxhp.exe r
O4 - HKLM\..\Run: [ajfcxw] c:\windows\system32\mssida.exe r
O4 - Startup: PowerReg Scheduler.exe
O23 - Service: WinSock Extention Manager (WsEm Srv) - Unknown owner - C:\WINDOWS\mdmprs32.exe (Do you know what this is?)


Close all open windows except for HijackThis and click Fix Checked.

Be sure you're able to view hidden files, and remove the following files/folders in bold (if found):

C:\WINDOWS\wupdt.exe
C:\WINDOWS\oxcj.exe
C:\WINDOWS\System32\ubbnifb.exe
c:\windows\system32\zaltthe.exe r
c:\windows\system32\wogjff.exe r
c:\windows\system32\yztzqhg.exe r
c:\windows\system32\ytssgyj.exe r
c:\windows\system32\upqhxqp.exe r
c:\windows\system32\uaszjjw.exe r
c:\windows\system32\panuxhp.exe r
c:\windows\system32\mssida.exe r


Empty your recycle bin.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

~Kristy :tazz:

#7
robert83 (Topic Starter, Member, 15 posts)

Ok, I followed the instructions that I last received. Here's the HijackThis log and the Ewido scan results:

Logfile of HijackThis v1.99.1
Scan saved at 11:24:41 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = poweredge1400sc:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LnkSet] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinSock Extention Manager (WsEm Srv) - Unknown owner - C:\WINDOWS\mdmprs32.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:08:06 PM, 8/17/2005
+ Report-Checksum: 85186F4B

+ Scan result:

C:\Documents and Settings\Robert Harrah\Cookies\robert harrah@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robert Harrah\Cookies\robert harrah@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Robert Harrah\Cookies\robert harrah@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Robert Harrah\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Robert Harrah\Local Settings\Temp\temp.frD5BD -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\cckorbp.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\jvxuqpposd.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup


::Report End

My laptop still doesn't shut down all the way every time, and I have one error at startup. Should I start a new topic to address those issues, or can I get help in this discussion? Also, I now have AVG and Ewido running on my computer, will those conflict, or do I need them both?

Again, thanks for all the help!!!

#8
Kristy

Your log is clean.

When did the problems with shutting down your computer start?

~Kristy

#9
robert83

My shut down problems started occurring in Feb. or Mar., I've just been putting up with it since. It won't shut down more times than it will. It will go through the shut down process and will be on the blue screen saying "Windows is Shutting Down," but it won't ever power off.

#10
Kristy

Hello robert83,

That doesn't sound like a malware problem. You may want to try posting in the Hardware or Windows XP forum about that problem. Is the shut down problem the only one you are experiencing now?

~Kristy

#11
robert83

Yeah, the only other thing is the error that comes up at startup. It's a RUNDLL window that says:

"Error loading C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll
The specific module could not be found."

I hit "OK" and it goes away, but it bugs me to have any type of error. I have a question: Is it ok to run AVG (Anti-Virus Guard) and Ewido at the same time?

#12
Kristy

Hello robert83,

"Error loading C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll
The specific module could not be found."

Do you use WildTangent for anything, like WildTangent games?

Is it ok to run AVG (Anti-Virus Guard) and Ewido at the same time?

It is okay to have both AVG Anti-Virus and Ewido on your computer at the same time. But when you run scans, it would be better to scan each at different times.

~Kristy

#13
Kristy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.