Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijack This wont run [CLOSED]


  • This topic is locked This topic is locked

#1
Tommy Walker

Tommy Walker

    Member

  • Member
  • PipPip
  • 10 posts
I can't get Hijack This to run so I'm providing the following instead of a log.

I've been using Norton Security 2005, AdAware, SpywareGuard, SpywareBlaster and Spybot for some months with no problems.

I noticed yeserday that I couldn't acess my online banking site ("The page cannot be displayed"). Checked by phone with bank and their site is ok.

Decided to do a full scan on Norton and noticed that Norton wasn't starting up automatically but couldn't open the program 'manually' ("Symantec Integrator has encountered a problem and needs to close").

Checked Windows Security Center Firewall and got "Due to an unidentified problem, Windows can't display Windows Firewall settings".

Then tried Microsoft Update (Express and Custom) but was advised "The website has encountered a problem and cannot display the page that you are trying to view".

I then tried to follow the procedure you recommend for new members.

CleanUp: ran successfully

Ad-aware SE (Personal): I've been running this a few times a day now for many months. I usually pick up a few things after the kids have been on (I use Norton Parental Control). I usually alternate between quick and full scans but reconfigured following your instructions and found nothing.

CWShredder: ran successfully

Spybot S&D: I have used this maybe 1-2 times a week for some months, usually after a full scan on Ad-aware. However, I downloaded (again) following your instructions and now canot update ("Socket Error # 10061. Connection refused") although program ran ok.

Ewido: ran successfully, found nothing (no report) but unable to update ("connection could not be established").

Trend Housecall: couldn't connect ("The page cannot be displayed")...same with Panda ActiveScan.

AVG: haven't used as I hoped I'd get Norton running again and wanted to avoid conflict.

TrojanHunter: ran successfully but unable to update.

Windows Update: see above

Hijack This: downloaded this twice...once under a new Hijack folder directly under C: and also a new Hijack folder directly under Program Files. Can't successfully open either...generally starts up then quickly closes...best I've down is to get the 'Do a system scan and save a logfile' started before it closes.

Any assistance would be greatly appreciated.

Gordon

Cairns
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Tommy Walker

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Please download and install AD-Aware se.
Click Here on how setup and use it - please make sure you update it first. Don't run yet.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Download Ewido Trojanís and malware remover http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-udate. Don't run yet

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run Ewido full scan. Save the scan.log and post the log.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Run Ad-aware se let it remove all it finds

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Let the system reboot as normal.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button
When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix.

Please run the following free, online virus scans.
http://enterprises.p...l_companies.htm
Please post the log From Panda virus scan. We will need them to remove previous infections that have left files on your system.

Run HijackThis and post the new log.

Kc :tazz:
  • 0

#3
Tommy Walker

Tommy Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Still can't get Hijack This to run !

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:13:49 PM, 26/08/2005
+ Report-Checksum: F3F22169

+ Scan result:

:mozilla.53:C:\Documents and Settings\Gordon\Application Data\Mozilla\Firefox\Profiles\default.acd\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup


::Report End

Cleaned out Prefetch folder (around 100 files), ran Ad-aware (found nothing), ran 'cleanmgr' and Cleanup successfully but when I hit 'Scan your pc' at Panda it came up with 'Page cannot be displayed'.

Keeping the faith :tazz:)

Gordon
Cairns
  • 0

#4
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Tommy Walker

Please try this

There is a variant of the Coolwebsearch trojan spreading that closes several anti-spyware apps when you try to open them.
If this is happening to you, download PepiMK's CoolWWWSearch.SmartKiller removal tool first and run it. After it does its job, CWShredder and HijackThis will run properly (as well Spybot S&D, Ad-aware and several anti-spyware forums).

CoolWWWSearch.SmartKiller removal tool
http://www.safer-net...es/delcwssk.zip

Now try and post a HJT.log.

Kc :tazz:
  • 0

#5
Tommy Walker

Tommy Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
It's 4.30 in the morning, I just got up with a bad cold and I'm not functioning very well so please excuse me if I'm doing something very basic/simple wrong.

I've unzipped the file using WinZip but when I try to open it I get 'CoolWWWSearch.SmartKiller (v1/v2) has not been found on your system'.
  • 0

#6
Tommy Walker

Tommy Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
While waiting for your response I ran Spyware Doctor:

Spyware Doctor Activity Report
Generated on 27/08/2005 8:29:22 AM Spyware Doctor Homepage PC Tools Homepage Technical Support


Scans (basic information only):

Scan Results:
scan start: 27/08/2005 8:29:57 AM
scan stop: 27/08/2005 9:00:09 AM
scanned items: 93592
found items: 36
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



Infection Name Location Risk
Kazaa Promotional Items multiple Medium
Possible Website Hijack (20) 127.0.0.1 ca.com High
Possible Website Hijack (23) 127.0.0.1 f-secure.com High
Possible Website Hijack (62) 127.0.0.1 kaspersky.com High
Possible Website Hijack (31) 127.0.0.1 mcafee.com High
Possible Website Hijack (32) 127.0.0.1 my-etrust.com High
Possible Website Hijack (33) 127.0.0.1 nai.com High
Possible Website Hijack (34) 127.0.0.1 networkassociates.com High
Possible Website Hijack (37) 127.0.0.1 sophos.com High
Possible Website Hijack (58) 127.0.0.1 trendmicro.com High
Possible Website Hijack (43) 127.0.0.1 viruslist.com High
Common Components for WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WUInst.dll Low
Common Components for WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WUInst.dll## Low
Common Components for WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WUInst.dll##.Owner Low
Common Components for WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WUInst.dll##{E2F2B9D0-96B9-4B25-B90C-636ECB207D18} Low
Common Components for WhenU HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs##C:\WINDOWS\Downloaded Program Files\WUInst.dll Low
IBIS Toolbar HKLM\software\microsoft\windows\currentversion\run##viewmgr Medium
Kazaa Promotional Items HKCU\Software\Kazaa\Promotions Medium
Kazaa Promotional Items HKCU\Software\Kazaa\Promotions## Medium
Kazaa Promotional Items HKCU\Software\Kazaa\Promotions\Broadband Medium
Kazaa Promotional Items HKCU\Software\Kazaa\Promotions\Broadband## Medium
Kazaa Promotional Items HKCU\Software\Kazaa\Promotions\Broadband##BBDbLoc Medium
Kazaa Promotional Items HKCU\Software\Kazaa\Promotions\Broadband##NullImageLoc Medium
Kazaa Promotional Items HKCU\Software\Kazaa\Promotions\Broadband##NullImageLoc2 Medium
Common Components for AZE nEtwork HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7BF3304-138B-4DD5-86EE-491BB6A2286C} Medium
Common Components for AZE nEtwork HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}\iexplore Medium
YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} High
YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\iexplore High
Tracking Cookie(s) C:\Documents and Settings\Gordon\Cookies\gordon@gostats[2].txt Medium
Advertising C:\Documents and Settings\Gordon\Cookies\gordon@adlegend[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Gordon\Cookies\gordon@go[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Gordon\Cookies\gordon@adj37.thruport[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\Gordon\Cookies\gordon@geekstogo[2].txt Medium
Joltid P2P Networking C:\WINDOWS\browserxtras\pn\remove.exe Elevated
Grokster C:\WINDOWS\smdat32m.sys Medium
WhenU.Search C:\RECYCLER\S-1-5-21-746137067-813497703-725345543-500\Dc2.inf Low


Other Sections:



I haven't purchased Spyware Doctor but simply ran it i.e. didn't delete/remove infections (although it got rid of a 'BHO')
  • 0

#7
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Tommy Walker

This is a old version off HijackThis try this see if you can open and run it.

http://computercops....ackthis1982.zip

Kc :tazz:
  • 0

#8
Tommy Walker

Tommy Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Downloaded and unzipped but when I try to open it either takes me straight back to the desktop or gives me a quick look at.
  • 0

#9
Tommy Walker

Tommy Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
FYI when I last ran Spybot (during the scan) it comes up with 'There were problems with the include file C: Progam Files \ Spybot-Search_Destroy \ Includes \ Hijackers.sbi'...after hitting 'OK' it then continued the run and found nothing.
  • 0

#10
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Tommy Walker

Try this rename HijackThis.exe to Dogsbody.cmd

See if that works.

Kc :tazz:
  • 0

Advertisements


#11
Tommy Walker

Tommy Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
no...it just opens and closes super quickly

FYI

--------------------------------- SpySubtract session started ---------------------------------
Machine=MCNEIL
Time=Sat Aug 27 16:14:26 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\eAnthology'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'SOFTWARE\Acceleration Software International Corporation\WebScan'
Found '' in 'SOFTWARE\Acceleration Software International Corporation\eAnthology'
Found '' in 'SOFTWARE\Acceleration Software International Corporation\EanthologyApp'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Promotions\Broadband'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com'
Found 'Tmp' in 'Software\Kazaa'
Found 'Status' in 'Software\Kazaa\Advanced'
Found 'BBDbLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc2' in 'Software\Kazaa\Promotions\Broadband'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'Date' in 'Software\Kazaa\Settings'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'UseCount' in 'Software\Kazaa\Settings'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Internet URL Shortcuts
Files and Directories
Found 'TFRA7.dat' in 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\115139087\CustomEmoticons'
Found 'TFRBE.dat' in 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\115139087\CustomEmoticons'
Found 'TFR20B.dat' in 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\981289373\CustomEmoticons'
Found 'LimeWire20.dll' in 'C:\Program Files\LimeWire'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\115139087\CustomEmoticons\TFRA7.dat' in shortcut areas.
Checking for 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\115139087\CustomEmoticons\TFRA7.dat' in startup areas.
Cleaning 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\115139087\CustomEmoticons\TFRA7.dat'
Checking for 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\115139087\CustomEmoticons\TFRBE.dat' in shortcut areas.
Checking for 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\115139087\CustomEmoticons\TFRBE.dat' in startup areas.
Cleaning 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\115139087\CustomEmoticons\TFRBE.dat'
Checking for 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\981289373\CustomEmoticons\TFR20B.dat' in shortcut areas.
Checking for 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\981289373\CustomEmoticons\TFR20B.dat' in startup areas.
Cleaning 'C:\Documents and Settings\Gordon\Application Data\Microsoft\MSN Messenger\981289373\CustomEmoticons\TFR20B.dat'
Checking for 'C:\Program Files\LimeWire\LimeWire20.dll' in shortcut areas.
Checking for 'C:\Program Files\LimeWire\LimeWire20.dll' in startup areas.
Cleaning 'C:\Program Files\LimeWire\LimeWire20.dll'
Finished Cleaning
  • 0

#12
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Tommy Walker

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Please download and install AD-Aware se.
Check Here on how setup and use it - please make sure you update it first. Don't run yet.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Download and unzip cwsserviceremove to your desktop. use either link below:
cwsserviceremove
cwsserviceremove.zip

Download CW-Shredder at the link below:
CWShredder

Please download sphjfix Save it to your desktop, dont run it yet

Reboot into Safe Mode: Please see here if you are not sure how to do this.

Run Ewido full scan. Save the scan.log.

Run the spifix

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Run Ad-aware se let remove all it finds

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Double click on the cwsserviceremove and when asked to merge say yes

Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

Let the system reboot as normal.

Download the Hoster from here:
http://www.funkytoad...load/hoster.zip
Unzip the file and press "Restore Original Hosts" and press "OK". Exit Program.

Please run the following free, online virus scans.
http://enterprises.p...l_companies.htm
Please post the log From Panda virus scan. We will need them to remove previous infections that have left files on your system.

Run HijackThis and post the new log.

Kc :tazz:

Edited by thatman, 28 August 2005 - 07:58 AM.

  • 0

#13
Tommy Walker

Tommy Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Activescan:

Incident Status Location

Virus:Bck/Botmail.E Disinfected Operating system
Adware:adware/keenvalue No disinfected C:\WINDOWS\BROWSERXTRAS\PN\remove.exe
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
Dialer:dialer.akd No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ
Adware:adware/exactsearch No disinfected Windows Registry
Virus:Bck/Botmail.E Disinfected C:\Documents and Settings\Gordon\Local Settings\Temp\BB.tmp
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20050825-092115.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20050825-101540.backup

-----------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:21:30 AM, on 29/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Telstra\BigPond Assist\assist.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Hearts - DNA\app.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Highjack\Dogsbody.cmd

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [ecc] C:\Program Files\Telstra\BigPond Assist\assist.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [boltzap] C:\Program Files\bolt\boltzap\BoltZap.exe
O4 - HKCU\..\Run: [D2C] C:\Documents and Settings\Gordon\Desktop\TFE-Trading-Messenger.exe
O4 - HKCU\..\Run: [Desktop News Alerts] C:\Program Files\Hearts - DNA\launch.exe
O4 - HKCU\..\Run: [svshost] C:\WINDOWS\system32\ninnlkhp\svshost.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~3\swdoctor.exe /Q
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://glass.webmast...000/java/cr.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...nt.asp?model=15
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.englishto...arMe/hmvcfe.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124994082671
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_aac.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28177.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#14
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Tommy Walker

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Please download and install AD-Aware se.
Click Here on how setup and use it - please make sure you update it first. Don't run yet.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Download Ewido Trojanís and malware remover http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-udate. Don't run yet

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run Ewido full scan. Save the scan.log and post the log.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an check in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O4 - HKCU\..\Run: [boltzap] C:\Program Files\bolt\boltzap\BoltZap.exe
O4 - HKCU\..\Run: [D2C] C:\Documents and Settings\Gordon\Desktop\TFE-Trading-Messenger.exe
O4 - HKCU\..\Run: [svshost] C:\WINDOWS\system32\ninnlkhp\svshost.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...nt.asp?model=15

Click on Fix Checked when finished and exit HijackThis.

Run Ad-aware se let it remove all it finds

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer (Yes.)
C:\Documents and Settings\Gordon\Desktop\TFE-Trading-Messenger.exe
C:\Documents and Settings\Gordon\Local Settings\Temp\BB.tmp
C:\WINDOWS\browserxtras\pn\remove.exe
C:\WINDOWS\system32\drivers\etc\hosts.20050825-092115.backup
C:\WINDOWS\system32\drivers\etc\hosts.20050825-101540.backup
C:\WINDOWS\BROWSERXTRAS\PN\remove.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\ninnlkhp\svshost.exe


Let the system reboot as normal.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button
When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix.

Please run the following free, online virus scans.
http://enterprises.p...l_companies.htm
Please post the log From Panda virus scan. We will need them to remove previous infections that have left files on your system.

Run HijackThis and post the new log.

Kc :tazz:
  • 0

#15
Tommy Walker

Tommy Walker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Incident Status Location

Adware:adware/keenvalue No disinfected C:\WINDOWS\BROWSERXTRAS\PN\remove.exe
Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
Dialer:dialer.akd No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ
Adware:adware/exactsearch No disinfected Windows Registry
Spyware:Spyware/Cydoor No disinfected C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
-----------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:08:43 AM, on 30/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Telstra\BigPond Assist\assist.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Hearts - DNA\app.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gordon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [ecc] C:\Program Files\Telstra\BigPond Assist\assist.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Desktop News Alerts] C:\Program Files\Hearts - DNA\launch.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://glass.webmast...000/java/cr.cab
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.englishto...arMe/hmvcfe.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124994082671
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28177.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai...ol/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_aac.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28177.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP