infected [RESOLVED]


  • This topic is locked

#1
hildegain

Ad-Aware SE Build 1.06r1
Logfile Created on:26 August 2005 18:28:09
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):3 total references
CoolWebSearch(TAC index:10):2 total references
MRU List(TAC index:0):34 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


26-08-2005 18:28:10 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\colin\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\colin\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\macromedia\flash 7\recent file list
Description : list of recently used files in macromedia flash


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-299502267-813497703-1957994488-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 372
ThreadCreationTime : 26-08-2005 16:45:03
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 420
ThreadCreationTime : 26-08-2005 16:45:07
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 444
ThreadCreationTime : 26-08-2005 16:45:09
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 26-08-2005 16:45:14
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 26-08-2005 16:45:14
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 26-08-2005 16:45:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 708
ThreadCreationTime : 26-08-2005 16:45:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 828
ThreadCreationTime : 26-08-2005 16:45:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 852
ThreadCreationTime : 26-08-2005 16:45:24
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 26-08-2005 16:45:27
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1060
ThreadCreationTime : 26-08-2005 16:45:45
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:12 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1088
ThreadCreationTime : 26-08-2005 16:45:46
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:13 [isafe.exe]
FilePath : C:\WINDOWS\System32\ZoneLabs\
ProcessID : 1112
ThreadCreationTime : 26-08-2005 16:45:48
BasePriority : Normal
FileVersion : Version 10.63.0.1
ProductVersion : Version 10.63.0.1
ProductName : ISafe
CompanyName : Computer Associates International, Inc.
FileDescription : ISafe Service
InternalName : ISafe
LegalCopyright : © 2003 Computer Associates International, Inc.
LegalTrademarks : Vet is a trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe
Comments : ISafe

#:14 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1140
ThreadCreationTime : 26-08-2005 16:45:49
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1220
ThreadCreationTime : 26-08-2005 16:45:50
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1236
ThreadCreationTime : 26-08-2005 16:45:51
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1324
ThreadCreationTime : 26-08-2005 16:45:53
BasePriority : Normal
FileVersion : 5.0.590.015
ProductVersion : 5.0.590.015
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1204
ThreadCreationTime : 26-08-2005 16:59:12
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:19 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1800
ThreadCreationTime : 26-08-2005 16:59:40
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:20 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1848
ThreadCreationTime : 26-08-2005 16:59:47
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:21 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1852
ThreadCreationTime : 26-08-2005 16:59:48
BasePriority : Normal
FileVersion : 5.0.590.015
ProductVersion : 5.0.590.015
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : zlclient.exe

#:22 [vsnpstd2.exe]
FilePath : C:\WINDOWS\
ProcessID : 1368
ThreadCreationTime : 26-08-2005 16:59:49
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : CameraMonitor Application
FileDescription : CameraMonitor MFC Application
InternalName : CameraMonitor
LegalCopyright : Copyright © 2003
OriginalFilename : CameraMonitor.EXE

#:23 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 908
ThreadCreationTime : 26-08-2005 16:59:50
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:24 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1964
ThreadCreationTime : 26-08-2005 17:00:10
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:25 [lngknjk.exe]
FilePath : C:\windows\
ProcessID : 2024
ThreadCreationTime : 26-08-2005 17:00:12
BasePriority : Normal


#:26 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1468
ThreadCreationTime : 26-08-2005 17:10:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:27 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1892
ThreadCreationTime : 26-08-2005 17:10:48
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:28 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 984
ThreadCreationTime : 26-08-2005 17:14:58
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:29 [wpsetup[1].exe]
FilePath : C:\Documents and Settings\colin\Local Settings\Temporary Internet Files\Content.IE5\0KQXDF1X\
ProcessID : 2076
ThreadCreationTime : 26-08-2005 17:16:30
BasePriority : Normal


#:30 [ntvdm.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2092
ThreadCreationTime : 26-08-2005 17:16:33
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1d27210e-2da2-41e2-a103-b5fd9d6a798b}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-299502267-813497703-1957994488-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 39


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-299502267-813497703-1957994488-1003\Software\Microsoft\Internet Explorer\SearchURLSearchURLfind4u.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://top-find4u.com/sp.htm"
TAC Rating : 5
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-299502267-813497703-1957994488-1003\Software\Microsoft\Internet Explorer\SearchURL
Value : SearchURL
Data : "http://top-find4u.com/sp.htm"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 40


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colin@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:colin@2o7.net/
Expires : 23-08-2010 18:20:14
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colin@servedby.netshelter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:colin@servedby.netshelter.net/
Expires : 02-09-2005 18:16:44
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 42



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 42
18:46:25 Scan stopped by user

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:14.534
Objects scanned:98746
Objects identified:8
Objects ignored:0
New critical objects:8

___________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 18:50:34, on 26/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\windows\lngknjk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\colin\Local Settings\Temporary Internet Files\Content.IE5\0KQXDF1X\wpsetup[1].exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R3 - URLSearchHook: (no name) - {5DF5C725-B5FC-E409-077E-170681144B24} - clamav.dll (file missing)
F2 - REG:system.ini: Shell=
F3 - REG:win.ini: run=C:\WINDOWS\inet20081\services.exe
O2 - BHO: (no name) - {BE56890A-471C-C56C-72B0-6DECF5B8FF41} - (no file)
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKLM\..\Run: [NopeZ] bingo9.exe
O4 - HKLM\..\Run: [bingo9] sbin.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [lyitulq] c:\windows\mqincuo.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKCU\..\Run: [xnswdmq] c:\windows\lngknjk.exe
O4 - HKCU\..\Run: [lnnpnem] c:\windows\lngknjk.exe
O4 - HKCU\..\Run: [dialer423] Uint32.exe
O4 - HKCU\..\Run: [hyandex] atl_helper.exe
O4 - HKCU\..\Run: [control64] nmdllw.exe
O4 - HKCU\..\Run: [bcobepd] c:\windows\vyuxhgq.exe
O4 - HKCU\..\Run: [gfxbkve] c:\windows\vyuxhgq.exe
O4 - HKCU\..\Run: [eiscgkc] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [rporqgl] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [nmrpskh] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [koymsgl] c:\windows\hmjgssm.exe
O4 - HKCU\..\Run: [pqyqdhq] c:\windows\htulhii.exe
O4 - HKCU\..\Run: [cnifwly] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [xgragqy] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [btjatkb] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [eijsquo] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [sikvnwm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ueuhvcq] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [stsiodq] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [txfwdgx] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [jrcfkad] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [qydvscm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [hocgbbe] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [fhwxytc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [khgmtqw] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [rtngpdk] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [vqyiedi] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tosxnhc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tchbrap] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nrjabcl] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tolxcgj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [dpdcvnh] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ljgsttm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [mnpofrc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [iwjeuqj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [iopjkeo] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [fpbnvuc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [pxwfnbj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nekawkk] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ggcosoj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ilpqsnn] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [dyybkba] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nrnwftr] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [loaigwc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [goblqdr] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [imnuwpt] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [rsyymrw] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ncojxtp] c:\windows\ntuvpjl.exe
O4 - HKCU\..\Run: [jssljbo] c:\windows\mqpdpjv.exe
O4 - HKCU\..\Run: [trvssgf] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [wrgwhyx] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [qdxwqlj] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [fkoqiiw] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [ngmqvwq] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [utwupmw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kksnueg] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [tmxjuxm] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [nxbxkns] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yudvyfn] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [mwvnvke] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [mshxhlk] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kxqksdo] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [drrrhgf] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ntcinxl] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yonhpbf] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kqsmqbj] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yeejylk] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [cyvyrvg] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ejxatno] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yupubvh] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [qtihski] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [owqjqce] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [sbkfcqw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [datmkjn] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [hlnlsxw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ycdfppq] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [auxhfsh] c:\windows\rxdgocp.exe
O4 - HKCU\..\Run: [ioybomw] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [dknrtyb] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [coyihrc] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [knkvbta] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [kebisof] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [mlvvgtc] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [tjjxgie] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [kuuafbt] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [unemrnj] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [naefhwe] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [ufaylod] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [xysoaut] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [gkwsrue] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [shuxiuo] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [oyqdpkb] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [tndgeva] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [bneaobx] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [waomawk] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [lpwappi] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [swhvpvv] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [yyepvfo] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [lmpgojt] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [hmaaxty] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [dejldiw] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [pigkhkv] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [yyuqvkg] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [gsopram] c:\windows\nnrwaur.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk121AXGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {36132EAC-ED4C-4916-B687-F0C650FAC77D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36132EAC-ED4C-4916-B687-F0C650FAC77D} - (no file) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119897570061
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} (MFInstall Class) - http://c.ancestry.co...l/MFInstall.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O21 - SSODL: systemp - {8B3006E5-AC07-40FB-A44F-3508B2462C82} - systemp.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2
Rawe

    Visiting Staff

Hello and welcome!

Let's run Ad-aware COMPLETELY first with updated definitions. Since I can see you stopped the scan, it didn't do it completely. You also didn't update the program first.

Please do the following steps:

Download CleanUp
Install the program, but don't run it yet; we will later.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon, Click "connect", Click "OK", Click "Finish".)

IF you are having problems with the updating, get the manual updates here; http://download.lava...public/defs.zip

2. Set up the Configurations as follows:
  • Click the Gear wheel at the top of the Ad-Aware window
  • Click General > Safety & Settings: Check (Green) all three.
  • Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click on "Proceed"
4. Click on "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to every "target family" for removal.
11. Click "Next", Click "OK".

Exit Ad-aware.

Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp.

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional. If you leave the box checked it will remove all of your cookies; at this point removing cookies is a good idea.
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select Yes
  • Close CleanUp
Once rebooted, launch HiJackThis and go to the "Misc tools Section". Launch ADS Spy, and run a scan with it. Do NOT remove anything yet, just post the log here by saving it somewhere you remember. No need to post the Ad-aware logfile if you run it as I described above.

- Rawe :tazz:

#3
hildegain

    Member

  • Topic Starter

OK, I did what you asked. Here is my log:

C:\WINDOWS\active setup log.txt : KAVICHS (36 bytes)
C:\WINDOWS\amcap.exe : KAVICHS (36 bytes)
C:\WINDOWS\bootstat.dat : KAVICHS (36 bytes)
C:\WINDOWS\clock.avi : KAVICHS (36 bytes)
C:\WINDOWS\comsetup.log : KAVICHS (36 bytes)
C:\WINDOWS\DirectX.log : KAVICHS (36 bytes)
C:\WINDOWS\doapnkf.exe : KAVICHS (68 bytes)
C:\WINDOWS\DtcInstall.log : KAVICHS (36 bytes)
C:\WINDOWS\explorer.exe : KAVICHS (68 bytes)
C:\WINDOWS\explorer.scf : KAVICHS (36 bytes)
C:\WINDOWS\FaxSetup.log : KAVICHS (36 bytes)
C:\WINDOWS\fephmrn.exe : KAVICHS (68 bytes)
C:\WINDOWS\GEARInstall.log : KAVICHS (36 bytes)
C:\WINDOWS\GPInstall.exe : KAVICHS (36 bytes)
C:\WINDOWS\hh.exe : KAVICHS (36 bytes)
C:\WINDOWS\hinvhgb.exe : KAVICHS (68 bytes)
C:\WINDOWS\hmjgssm.exe : KAVICHS (68 bytes)
C:\WINDOWS\htulhii.exe : KAVICHS (68 bytes)
C:\WINDOWS\ie7beta1.log : KAVICHS (36 bytes)
C:\WINDOWS\iis6.log : KAVICHS (36 bytes)
C:\WINDOWS\imsins.log : KAVICHS (36 bytes)
C:\WINDOWS\IsUninst.exe : KAVICHS (36 bytes)
C:\WINDOWS\iun6002.exe : KAVICHS (36 bytes)
C:\WINDOWS\ivtokyl.exe : KAVICHS (36 bytes)
C:\WINDOWS\KB842773.log : KAVICHS (36 bytes)
C:\WINDOWS\KB842773Uninst.log : KAVICHS (36 bytes)
C:\WINDOWS\KB873333.log : KAVICHS (36 bytes)
C:\WINDOWS\KB873339.log : KAVICHS (36 bytes)
C:\WINDOWS\KB885835.log : KAVICHS (36 bytes)
C:\WINDOWS\KB885836.log : KAVICHS (36 bytes)
C:\WINDOWS\KB888113.log : KAVICHS (36 bytes)
C:\WINDOWS\KB888302.log : KAVICHS (36 bytes)
C:\WINDOWS\KB890046.log : KAVICHS (36 bytes)
C:\WINDOWS\KB890175.log : KAVICHS (36 bytes)
C:\WINDOWS\KB890859.log : KAVICHS (36 bytes)
C:\WINDOWS\KB891781.log : KAVICHS (36 bytes)
C:\WINDOWS\KB892944.log : KAVICHS (36 bytes)
C:\WINDOWS\KB893066.log : KAVICHS (36 bytes)
C:\WINDOWS\KB893086.log : KAVICHS (36 bytes)
C:\WINDOWS\KB893803v2.log : KAVICHS (36 bytes)
C:\WINDOWS\KB896358.log : KAVICHS (36 bytes)
C:\WINDOWS\KB896422.log : KAVICHS (36 bytes)
C:\WINDOWS\KB896426.log : KAVICHS (36 bytes)
C:\WINDOWS\KB896428.log : KAVICHS (36 bytes)
C:\WINDOWS\KB898461.log : KAVICHS (36 bytes)
C:\WINDOWS\lngknjk.exe : KAVICHS (68 bytes)
C:\WINDOWS\MedCtrOC.log : KAVICHS (36 bytes)
C:\WINDOWS\ModemLog_Generic SoftK56.txt : KAVICHS (36 bytes)
C:\WINDOWS\mqincuo.exe : KAVICHS (68 bytes)
C:\WINDOWS\mqpdpjv.exe : KAVICHS (68 bytes)
C:\WINDOWS\msdfmap.ini : KAVICHS (36 bytes)
C:\WINDOWS\msgsocm.log : KAVICHS (36 bytes)
C:\WINDOWS\msmqinst.log : KAVICHS (36 bytes)
C:\WINDOWS\nero.INI : KAVICHS (36 bytes)
C:\WINDOWS\netfxocm.log : KAVICHS (36 bytes)
C:\WINDOWS\nnrwaur.exe : KAVICHS (68 bytes)
C:\WINDOWS\NOTEPAD.EXE : KAVICHS (36 bytes)
C:\WINDOWS\ntbtlog.txt : KAVICHS (36 bytes)
C:\WINDOWS\ntdtcsetup.log : KAVICHS (36 bytes)
C:\WINDOWS\ntuvpjl.exe : KAVICHS (68 bytes)
C:\WINDOWS\ocgen.log : KAVICHS (36 bytes)
C:\WINDOWS\ocmsn.log : KAVICHS (36 bytes)
C:\WINDOWS\ODBC.INI : KAVICHS (36 bytes)
C:\WINDOWS\ODBCINST.INI : KAVICHS (36 bytes)
C:\WINDOWS\OEWABLog.txt : KAVICHS (36 bytes)
C:\WINDOWS\oipgour.exe : KAVICHS (36 bytes)
C:\WINDOWS\PestPatrol.ini : KAVICHS (36 bytes)
C:\WINDOWS\PEX.INI : KAVICHS (36 bytes)
C:\WINDOWS\prajbvq.exe : KAVICHS (68 bytes)
C:\WINDOWS\regedit.exe : KAVICHS (36 bytes)
C:\WINDOWS\REGLOCS.OLD : KAVICHS (36 bytes)
C:\WINDOWS\regopt.log : KAVICHS (36 bytes)
C:\WINDOWS\resetlog.txt : KAVICHS (36 bytes)
C:\WINDOWS\rxdgocp.exe : KAVICHS (68 bytes)
C:\WINDOWS\SchedLgU.Txt : KAVICHS (36 bytes)
C:\WINDOWS\sessmgr.setup.log : KAVICHS (36 bytes)
C:\WINDOWS\setupact.log : KAVICHS (36 bytes)
C:\WINDOWS\setupapi.log : KAVICHS (36 bytes)
C:\WINDOWS\setuplog.txt : KAVICHS (36 bytes)
C:\WINDOWS\SetupPestPatrolBeta.mif : KAVICHS (36 bytes)
C:\WINDOWS\smdat32m.sys : KAVICHS (36 bytes)
C:\WINDOWS\snpstd2.ini : KAVICHS (36 bytes)
C:\WINDOWS\snpstd2.src : KAVICHS (36 bytes)
C:\WINDOWS\sxwjyqo.exe : KAVICHS (68 bytes)
C:\WINDOWS\tabletoc.log : KAVICHS (36 bytes)
C:\WINDOWS\TASKMAN.EXE : KAVICHS (36 bytes)
C:\WINDOWS\tsoc.log : KAVICHS (36 bytes)
C:\WINDOWS\twain.dll : KAVICHS (36 bytes)
C:\WINDOWS\twain_32.dll : KAVICHS (36 bytes)
C:\WINDOWS\twunk_16.exe : KAVICHS (36 bytes)
C:\WINDOWS\twunk_32.exe : KAVICHS (36 bytes)
C:\WINDOWS\Ulead32.ini : KAVICHS (36 bytes)
C:\WINDOWS\ulfooyg.exe : KAVICHS (68 bytes)
C:\WINDOWS\unhcnrk.exe : KAVICHS (36 bytes)
C:\WINDOWS\UNNeroVision.cfg : KAVICHS (36 bytes)
C:\WINDOWS\UNNeroVision.exe : KAVICHS (36 bytes)
C:\WINDOWS\unvise32qt.exe : KAVICHS (36 bytes)
C:\WINDOWS\UPSCR.Scr : KAVICHS (36 bytes)
C:\WINDOWS\usnpstd2.exe : KAVICHS (36 bytes)
C:\WINDOWS\vb.ini : KAVICHS (36 bytes)
C:\WINDOWS\vbaddin.ini : KAVICHS (36 bytes)
C:\WINDOWS\vmmreg32.dll : KAVICHS (36 bytes)
C:\WINDOWS\vsnpstd2.exe : KAVICHS (68 bytes)
C:\WINDOWS\vyuxhgq.exe : KAVICHS (68 bytes)
C:\WINDOWS\wiaservc.log : KAVICHS (36 bytes)
C:\WINDOWS\Windows Update.log : KAVICHS (36 bytes)
C:\WINDOWS\WindowsUpdate.log : KAVICHS (100 bytes)
C:\WINDOWS\winhelp.exe : KAVICHS (36 bytes)
C:\WINDOWS\winhlp32.exe : KAVICHS (36 bytes)
C:\WINDOWS\wininit.ini : KAVICHS (36 bytes)
C:\WINDOWS\winnt.bmp : KAVICHS (36 bytes)
C:\WINDOWS\winnt256.bmp : KAVICHS (36 bytes)
C:\WINDOWS\wmsetup.log : KAVICHS (36 bytes)
C:\WINDOWS\wmsetup10.log : KAVICHS (36 bytes)
C:\WINDOWS\WMSysPr9.prx : KAVICHS (36 bytes)
C:\WINDOWS\WMSysPrx.prx : KAVICHS (36 bytes)
C:\WINDOWS\WORDPAD.INI : KAVICHS (36 bytes)
C:\WINDOWS\zllsputility.exe : KAVICHS (36 bytes)
C:\WINDOWS\_default.pif : KAVICHS (36 bytes)

#4
Rawe

    Visiting Staff

Hi again!

Please print these instructions out, or write them down, as you can't read them during the fix.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix).

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp! Click CleanUp and allow it to delete all the temporary files. REBOOT!!

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

- Rawe :tazz:

#5
hildegain

    Member

  • Topic Starter

OK, those programs didn't work the way they were said to, and my internet browser is still sometimes crashing or coming up with abcsearch4u.

Here are my logs:

(8/26/05 22:58:33) SPSeHjFix started v1.1.2
(8/26/05 22:58:33) OS: WinXP Service Pack 1 (5.1.2600)
(8/26/05 22:58:33) Language: english
(8/26/05 22:58:33) Win-Path: C:\WINDOWS
(8/26/05 22:58:33) System-Path: C:\WINDOWS\System32
(8/26/05 22:58:33) Temp-Path: C:\DOCUME~1\colin\LOCALS~1\Temp\
(8/26/05 22:58:35) Disinfection started
(8/26/05 22:58:35) Bad-Dll(IEP): (not found)
(8/26/05 22:58:35) Bad-Dll(IEP) in BHO: (not found)
(8/26/05 22:58:35) UBF: 4 - UBB: 0 - UBR: 133
(8/26/05 22:58:35) UBF: 4 - UBB: 0 - UBR: 133
(8/26/05 22:58:35) Bad IE-pages: (none)
(8/26/05 22:58:35) Stealth-String not found
(8/26/05 22:58:35) Not infected->END



AboutBuster 5.0 reference file 28
Scan started on [26/08/2005] at [22:48:17]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 22:48:52


AboutBuster 5.0 reference file 28
Scan started on [26/08/2005] at [22:51:07]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 22:51:33


AboutBuster 5.0 reference file 28
Scan started on [26/08/2005] at [22:54:37]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 22:55:13


Logfile of HijackThis v1.99.1
Scan saved at 23:04:41, on 26/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R3 - URLSearchHook: (no name) - {5DF5C725-B5FC-E409-077E-170681144B24} - clamav.dll (file missing)
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {BE56890A-471C-C56C-72B0-6DECF5B8FF41} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKLM\..\Run: [NopeZ] bingo9.exe
O4 - HKLM\..\Run: [bingo9] sbin.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [lyitulq] c:\windows\mqincuo.exe
O4 - HKCU\..\Run: [xnswdmq] c:\windows\lngknjk.exe
O4 - HKCU\..\Run: [lnnpnem] c:\windows\lngknjk.exe
O4 - HKCU\..\Run: [dialer423] Uint32.exe
O4 - HKCU\..\Run: [hyandex] atl_helper.exe
O4 - HKCU\..\Run: [control64] nmdllw.exe
O4 - HKCU\..\Run: [bcobepd] c:\windows\vyuxhgq.exe
O4 - HKCU\..\Run: [gfxbkve] c:\windows\vyuxhgq.exe
O4 - HKCU\..\Run: [eiscgkc] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [rporqgl] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [nmrpskh] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [koymsgl] c:\windows\hmjgssm.exe
O4 - HKCU\..\Run: [pqyqdhq] c:\windows\htulhii.exe
O4 - HKCU\..\Run: [cnifwly] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [xgragqy] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [btjatkb] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [eijsquo] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [sikvnwm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ueuhvcq] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [stsiodq] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [txfwdgx] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [jrcfkad] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [qydvscm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [hocgbbe] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [fhwxytc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [khgmtqw] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [rtngpdk] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [vqyiedi] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tosxnhc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tchbrap] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nrjabcl] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tolxcgj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [dpdcvnh] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ljgsttm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [mnpofrc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [iwjeuqj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [iopjkeo] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [fpbnvuc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [pxwfnbj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nekawkk] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ggcosoj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ilpqsnn] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [dyybkba] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nrnwftr] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [loaigwc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [goblqdr] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [imnuwpt] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [rsyymrw] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ncojxtp] c:\windows\ntuvpjl.exe
O4 - HKCU\..\Run: [jssljbo] c:\windows\mqpdpjv.exe
O4 - HKCU\..\Run: [trvssgf] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [wrgwhyx] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [qdxwqlj] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [fkoqiiw] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [ngmqvwq] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [utwupmw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kksnueg] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [tmxjuxm] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [nxbxkns] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yudvyfn] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [mwvnvke] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [mshxhlk] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kxqksdo] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [drrrhgf] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ntcinxl] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yonhpbf] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kqsmqbj] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yeejylk] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [cyvyrvg] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ejxatno] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yupubvh] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [qtihski] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [owqjqce] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [sbkfcqw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [datmkjn] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [hlnlsxw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ycdfppq] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [auxhfsh] c:\windows\rxdgocp.exe
O4 - HKCU\..\Run: [ioybomw] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [dknrtyb] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [coyihrc] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [knkvbta] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [kebisof] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [mlvvgtc] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [tjjxgie] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [kuuafbt] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [unemrnj] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [naefhwe] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [ufaylod] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [xysoaut] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [gkwsrue] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [shuxiuo] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [oyqdpkb] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [tndgeva] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [bneaobx] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [waomawk] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [lpwappi] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [swhvpvv] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [yyepvfo] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [lmpgojt] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [hmaaxty] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [dejldiw] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [pigkhkv] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [yyuqvkg] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [gsopram] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [mpndgmo] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [mohhnjx] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [unqlttw] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [chuinuk] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [vepqrfq] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [splwuwf] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [suttgdi] c:\windows\sxwjyqo.exe
O4 - HKCU\..\Run: [tgenxqt] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [bsntunu] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [crqkoiw] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [almlrru] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [caygsen] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [mmdqoux] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [gyiqtqh] c:\windows\wccgbpf.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {36132EAC-ED4C-4916-B687-F0C650FAC77D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36132EAC-ED4C-4916-B687-F0C650FAC77D} - (no file) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119897570061
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} (MFInstall Class) - http://c.ancestry.co...l/MFInstall.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O21 - SSODL: systemp - {8B3006E5-AC07-40FB-A44F-3508B2462C82} - systemp.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6
Rawe

    Visiting Staff

Can you update Ewido security suite to the latest definitions?

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, run a scan with HiJackThis and check the following objects for removal:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R3 - URLSearchHook: (no name) - {5DF5C725-B5FC-E409-077E-170681144B24} - clamav.dll (file missing)
O2 - BHO: (no name) - {BE56890A-471C-C56C-72B0-6DECF5B8FF41} - (no file)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKLM\..\Run: [NopeZ] bingo9.exe
O4 - HKLM\..\Run: [bingo9] sbin.exe
O4 - HKCU\..\Run: [lyitulq] c:\windows\mqincuo.exe
O4 - HKCU\..\Run: [xnswdmq] c:\windows\lngknjk.exe
O4 - HKCU\..\Run: [lnnpnem] c:\windows\lngknjk.exe
O4 - HKCU\..\Run: [dialer423] Uint32.exe
O4 - HKCU\..\Run: [hyandex] atl_helper.exe
O4 - HKCU\..\Run: [control64] nmdllw.exe
O4 - HKCU\..\Run: [bcobepd] c:\windows\vyuxhgq.exe
O4 - HKCU\..\Run: [gfxbkve] c:\windows\vyuxhgq.exe
O4 - HKCU\..\Run: [eiscgkc] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [rporqgl] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [nmrpskh] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [koymsgl] c:\windows\hmjgssm.exe
O4 - HKCU\..\Run: [pqyqdhq] c:\windows\htulhii.exe
O4 - HKCU\..\Run: [cnifwly] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [xgragqy] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [btjatkb] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [eijsquo] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [sikvnwm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ueuhvcq] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [stsiodq] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [txfwdgx] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [jrcfkad] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [qydvscm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [hocgbbe] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [fhwxytc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [khgmtqw] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [rtngpdk] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [vqyiedi] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tosxnhc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tchbrap] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nrjabcl] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tolxcgj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [dpdcvnh] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ljgsttm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [mnpofrc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [iwjeuqj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [iopjkeo] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [fpbnvuc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [pxwfnbj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nekawkk] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ggcosoj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ilpqsnn] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [dyybkba] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nrnwftr] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [loaigwc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [goblqdr] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [imnuwpt] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [rsyymrw] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ncojxtp] c:\windows\ntuvpjl.exe
O4 - HKCU\..\Run: [jssljbo] c:\windows\mqpdpjv.exe
O4 - HKCU\..\Run: [trvssgf] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [wrgwhyx] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [qdxwqlj] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [fkoqiiw] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [ngmqvwq] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [utwupmw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kksnueg] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [tmxjuxm] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [nxbxkns] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yudvyfn] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [mwvnvke] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [mshxhlk] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kxqksdo] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [drrrhgf] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ntcinxl] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yonhpbf] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kqsmqbj] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yeejylk] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [cyvyrvg] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ejxatno] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yupubvh] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [qtihski] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [owqjqce] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [sbkfcqw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [datmkjn] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [hlnlsxw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ycdfppq] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [auxhfsh] c:\windows\rxdgocp.exe
O4 - HKCU\..\Run: [ioybomw] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [dknrtyb] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [coyihrc] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [knkvbta] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [kebisof] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [mlvvgtc] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [tjjxgie] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [kuuafbt] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [unemrnj] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [naefhwe] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [ufaylod] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [xysoaut] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [gkwsrue] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [shuxiuo] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [oyqdpkb] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [tndgeva] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [bneaobx] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [waomawk] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [lpwappi] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [swhvpvv] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [yyepvfo] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [lmpgojt] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [hmaaxty] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [dejldiw] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [pigkhkv] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [yyuqvkg] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [gsopram] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [mpndgmo] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [mohhnjx] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [unqlttw] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [chuinuk] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [vepqrfq] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [splwuwf] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [suttgdi] c:\windows\sxwjyqo.exe
O4 - HKCU\..\Run: [tgenxqt] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [bsntunu] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [crqkoiw] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [almlrru] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [caygsen] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [mmdqoux] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [gyiqtqh] c:\windows\wccgbpf.exe
O21 - SSODL: systemp - {8B3006E5-AC07-40FB-A44F-3508B2462C82} - systemp.dll (file missing)


Close ALL open windows except for HiJackThis and hit FIX CHECKED.

Go to My Computer > Tools > Folder Options > View tab and make sure that "Show hidden files and folders" is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the "Hide protected operating system files" option.

Delete the following files if present:

C:\WINDOWS\inet20081\services.exe
bingo9.exe <= Locate using Windows Search
sbin.exe <= Locate using Windows Search
c:\windows\mqincuo.exe
c:\windows\lngknjk.exe
Uint32.exe <= Locate using Windows Search
atl_helper.exe
nmdllw.exe <= Locate using Windows Search
c:\windows\vyuxhgq.exe
c:\windows\doapnkf.exe
c:\windows\hmjgssm.exe
c:\windows\htulhii.exe
c:\windows\fephmrn.exe
c:\windows\ntuvpjl.exe
c:\windows\mqpdpjv.exe
c:\windows\oipgour.exe
c:\windows\prajbvq.exe
c:\windows\rxdgocp.exe
c:\windows\hinvhgb.exe
c:\windows\nnrwaur.exe
c:\windows\sxwjyqo.exe
c:\windows\ulfooyg.exe
c:\windows\wccgbpf.exe


Empty recycle bin.

Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Then reboot into normal mode and post me the Ewido log along with a fresh HiJackThis log. :tazz:
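An added example (not part of the helper's post, and not a HijackThis feature): a small Python triage of the `O4` Run entries in the log format shown in this thread. The function names and the three heuristics are assumptions chosen for this particular log; the sample lines are taken from the HijackThis logs posted here.

```python
import ntpath
import re
from collections import defaultdict

# Sample lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKLM\..\Run: [NopeZ] bingo9.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [eiscgkc] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [rporqgl] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [nmrpskh] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [koymsgl] c:\windows\hmjgssm.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# "O4 - <hive>\..\Run: [value name] command line"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Windows system process names that normally live only in System32.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe",
                "winlogon.exe", "csrss.exe", "smss.exe"}
SYSTEM_DIR = r"c:\windows\system32"


def executable_of(cmd):
    """Return the program part of a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def triage(log_text):
    """Map each suspicious Run target to the reasons it was flagged."""
    by_target = defaultdict(list)
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            target = executable_of(m["cmd"]).lower()
            by_target[target].append(f'{m["hive"]}:{m["name"]}')

    findings = {}
    for target, names in by_target.items():
        directory, base = ntpath.split(target)
        reasons = []
        if len(names) > 1:
            # Many differently named values launching one file.
            reasons.append(f"{len(names)} value names launch the same file")
        if not directory:
            # Bare file name: what runs depends on the search path.
            reasons.append("no directory given, resolved via the search path")
        if base in SYSTEM_NAMES and directory != SYSTEM_DIR:
            reasons.append("system process name outside System32")
        if reasons:
            findings[target] = reasons
    return findings


if __name__ == "__main__":
    for target, reasons in triage(SAMPLE_LOG).items():
        print(target, "->", "; ".join(reasons))
```

Note that `c:\windows\hmjgssm.exe` passes all three checks even though it is on the deletion list above, so checks like these only prioritise entries for manual review of the full log.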

#7
hildegain

OK, I did what you said. I am still experiencing problems. Here you go, these are my logs:


EWIDO

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 17:56:00, 27/08/2005
+ Report-Checksum: C20C2BA7

+ Scan result:

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} -> TrojanDownloader.WebP2P : Cleaned with backup


::Report End

HIJACK THIS

Logfile of HijackThis v1.99.1
Scan saved at 18:02:58, on 27/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\windows\splggjw.exe
C:\WINDOWS\System32\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R3 - URLSearchHook: (no name) - {5DF5C725-B5FC-E409-077E-170681144B24} - clamav.dll (file missing)
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BE56890A-471C-C56C-72B0-6DECF5B8FF41} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20081\services.exe
O4 - HKLM\..\Run: [NopeZ] bingo9.exe
O4 - HKLM\..\Run: [bingo9] sbin.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [lyitulq] c:\windows\mqincuo.exe
O4 - HKCU\..\Run: [xnswdmq] c:\windows\lngknjk.exe
O4 - HKCU\..\Run: [lnnpnem] c:\windows\lngknjk.exe
O4 - HKCU\..\Run: [dialer423] Uint32.exe
O4 - HKCU\..\Run: [control64] nmdllw.exe
O4 - HKCU\..\Run: [bcobepd] c:\windows\vyuxhgq.exe
O4 - HKCU\..\Run: [gfxbkve] c:\windows\vyuxhgq.exe
O4 - HKCU\..\Run: [eiscgkc] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [rporqgl] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [nmrpskh] c:\windows\doapnkf.exe
O4 - HKCU\..\Run: [koymsgl] c:\windows\hmjgssm.exe
O4 - HKCU\..\Run: [pqyqdhq] c:\windows\htulhii.exe
O4 - HKCU\..\Run: [cnifwly] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [xgragqy] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [btjatkb] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [eijsquo] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [sikvnwm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ueuhvcq] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [stsiodq] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [txfwdgx] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [jrcfkad] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [qydvscm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [hocgbbe] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [fhwxytc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [khgmtqw] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [rtngpdk] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [vqyiedi] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tosxnhc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tchbrap] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nrjabcl] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [tolxcgj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [dpdcvnh] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ljgsttm] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [mnpofrc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [iwjeuqj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [iopjkeo] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [fpbnvuc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [pxwfnbj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nekawkk] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ggcosoj] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ilpqsnn] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [dyybkba] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [nrnwftr] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [loaigwc] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [goblqdr] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [imnuwpt] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [rsyymrw] c:\windows\fephmrn.exe
O4 - HKCU\..\Run: [ncojxtp] c:\windows\ntuvpjl.exe
O4 - HKCU\..\Run: [jssljbo] c:\windows\mqpdpjv.exe
O4 - HKCU\..\Run: [trvssgf] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [wrgwhyx] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [qdxwqlj] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [fkoqiiw] c:\windows\oipgour.exe
O4 - HKCU\..\Run: [ngmqvwq] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [utwupmw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kksnueg] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [tmxjuxm] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [nxbxkns] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yudvyfn] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [mwvnvke] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [mshxhlk] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kxqksdo] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [drrrhgf] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ntcinxl] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yonhpbf] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [kqsmqbj] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yeejylk] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [cyvyrvg] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ejxatno] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [yupubvh] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [qtihski] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [owqjqce] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [sbkfcqw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [datmkjn] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [hlnlsxw] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [ycdfppq] c:\windows\prajbvq.exe
O4 - HKCU\..\Run: [auxhfsh] c:\windows\rxdgocp.exe
O4 - HKCU\..\Run: [ioybomw] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [dknrtyb] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [coyihrc] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [knkvbta] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [kebisof] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [mlvvgtc] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [tjjxgie] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [kuuafbt] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [unemrnj] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [naefhwe] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [ufaylod] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [xysoaut] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [gkwsrue] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [shuxiuo] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [oyqdpkb] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [tndgeva] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [bneaobx] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [waomawk] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [lpwappi] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [swhvpvv] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [yyepvfo] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [lmpgojt] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [hmaaxty] c:\windows\hinvhgb.exe
O4 - HKCU\..\Run: [dejldiw] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [pigkhkv] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [yyuqvkg] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [gsopram] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [mpndgmo] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [mohhnjx] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [unqlttw] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [chuinuk] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [vepqrfq] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [splwuwf] c:\windows\nnrwaur.exe
O4 - HKCU\..\Run: [suttgdi] c:\windows\sxwjyqo.exe
O4 - HKCU\..\Run: [tgenxqt] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [bsntunu] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [crqkoiw] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [almlrru] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [caygsen] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [mmdqoux] c:\windows\ulfooyg.exe
O4 - HKCU\..\Run: [gyiqtqh] c:\windows\wccgbpf.exe
O4 - HKCU\..\Run: [ueicjni] c:\windows\splggjw.exe
O4 - HKCU\..\Run: [vwuyrue] c:\windows\ucdxftm.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {36132EAC-ED4C-4916-B687-F0C650FAC77D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36132EAC-ED4C-4916-B687-F0C650FAC77D} - (no file) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119897570061
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} (MFInstall Class) - http://c.ancestry.co...l/MFInstall.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O21 - SSODL: systemp - {8B3006E5-AC07-40FB-A44F-3508B2462C82} - systemp.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


OK, my internet is getting weird. I have Internet Explorer and Firefox; it's rare that one of them will work. I keep trying to access the internet, but they're sometimes acting like there is no connection and cannot find any page. Please reply soon, I want to resolve this matter.

Edited by hildegain, 28 August 2005 - 02:33 PM.


#8
hildegain

OK, did a scan with my Spybot and I found a Smitfraud-C trojan/spyware, 25 entries. Spybot will not delete it and I do not know what to do. My home page has stopped changing to abcsearch4u, but now any application I have that runs off the internet won't update or play. Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 21:18:26, on 28/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119897570061
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#9
hildegain

No worries, I fixed the problem. No need for any more help, I believe. If you wish, you may now close this thread. Thank you.

#10
ScHwErV

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.