Slow Computer [CLOSED]



#1
pleasehelpmenow

    Member

  • Member
  • 107 posts
My computer runs slow at times for some reason. I sometimes get redirected to p*rn sites when browsing the internet.

My McShield.exe takes like 35 CPU, even when I'm not scanning, and it never usually does that. My gaming experience has slowed too :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 14:35:34, on 22/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\indigoperl\apache\bin\apache.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\indigoperl\apache\bin\apache.exe
C:\Program Files\Search Engine Commando\ScheduleService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\RFA\rfagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\explorer.exe
C:\Hacking\Accessdiver\ad4.173.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.211.74:80
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.co...otDateTeleX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15....es/MsnPUpld.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.co...erstarTeleX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106693346249
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toont...5.33/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A52534C-C774-400A-9C09-680580901DDA}: NameServer = 85.255.113.139,85.255.112.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CC85215-FFC4-49A8-85ED-45E6514A1836}: NameServer = 85.255.113.139,85.255.112.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8EEACDE-5821-4B24-8A8B-BEE11914C9CA}: NameServer = 85.255.113.139,85.255.112.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A52534C-C774-400A-9C09-680580901DDA}: NameServer = 85.255.113.139,85.255.112.22
O23 - Service: Apache2 - Unknown owner - C:\indigoperl\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Search Engine Commando Schedule Service (SECScheduleService) - Tates Creek Software, LLC - C:\Program Files\Search Engine Commando\ScheduleService.exe
O23 - Service: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\WINDOWS\C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Please help, and thanks :)
  • 0


#2
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi there pleasehelpmenow and welcome. Sorry for the delay in response.

Please click this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

#3
pleasehelpmenow

    Member

  • Topic Starter
  • Member
  • 107 posts
OK, got the All Done prompt.

However... problems have gotten worse :)

Well, when I open Internet Explorer, in the bottom left-hand corner where it usually says Done, or Opening page http://blabla.com, it says connecting to "ip address here" and then changes IP, then loads my homepage. I sometimes get redirected to "adult material" sites when browsing the internet.

My system32 folder has also disappeared :tazz:


I also get this error when running some programs :(

C:\WINDOWS\System32\cmd.exe
X#=0C, CS=01AF IP=00001262. The NTVDM CPU has encountered an unhandled exception. Choose 'Close' to terminate the application.


Well, here is my log :)

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"MessengerDiscovery" = "C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe" ["MessengerDiscovery"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\McAgent.exe" ["McAfee, Inc"]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["Networks Associates Technology, Inc"]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["Networks Associates Technology, Inc"]
"rfagent" = ""C:\Program Files\RFA\rfagent.exe"" ["KsL Software"]
"dmcue.exe" = "C:\WINDOWS\System32\dmcue.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0000CC75-ACF3-4cac-A0A9-DD3868E06852}\(Default) = "DAPHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\DAP\DAPBHO.dll" ["Speedbit Ltd."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SmartFTP\smarthook.dll" ["SmartFTP"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cshbi.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
HexWorkshopContextMenu\(Default) = "{DB34D5DC-D41A-482E-A5EF-8FA0F88761DA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\BreakPoint Software\Hex Workshop 4.2\hwext.dll" ["BreakPoint Software, Inc."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
M2WShlExMenu\(Default) = "{DC6FA7E0-6666-11D5-8CE2-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Acoustica Audio Converter Pro\M2WShlEx.dll" ["Acoustica"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
UltraEdit-32\(Default) = "{b5eedee0-c06e-11cf-8c56-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\IDM Computer Solutions\UltraEdit-32\ue32ctmn.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
MP3ToWave\(Default) = "{DC6FA7E0-6666-11D5-8CE2-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Acoustica Audio Converter Pro\M2WShlEx.dll" ["Acoustica"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies [Description]:
-----------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "NoBandCustomize"=dword:00000001
[disables toolbar status changes in Internet Explorer|View|Toolbars]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (HOME-1L1FVI41ZY-Installer)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (HOME-1L1FVI41ZY-Lee)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"Norton AntiVirus - Scan my computer - Lee" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{62999427-33FC-4BAF-9C9C-BCE6BD127F08}" = "DAP Bar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\DAP\DAPIEBar.dll" [empty string]

"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["Networks Associates Technology, Inc"]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll" ["Yahoo! Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{E19ADC6E-3909-43E4-9A89-B7B676377EE3}\
"ButtonText" = "Sothink SWF Catcher"
"MenuText" = "Sothink SWF Catcher"
"Script" = "C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apache2, Apache2, ""C:\indigoperl\apache\bin\apache.exe" -k runservice" ["Apache Software Foundation"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "\SystemRoot\c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" [file not found]
Search Engine Commando Schedule Service, SECScheduleService, "C:\Program Files\Search Engine Commando\ScheduleService.exe" ["Tates Creek Software, LLC"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 95 seconds, including 18 seconds for message boxes)

Edited by pleasehelpmenow, 26 September 2005 - 06:48 PM.

  • 0

#4
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Copy everything in the quote box below (starting with REGEDIT4) and paste it into Notepad. Go up to "File > Save As", then click the drop-down box to change the "Save As Type" to "All Files". Save it as fixware.reg on your desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

Double-click fixware.reg and when asked if you want to merge with the registry click YES.

After the "Merged successfully" prompt, please reboot your computer.

After reboot, please download RKFiles from HERE
  • Unzip RKfiles.zip to the desktop
  • Double-click RKFiles.bat to run it.
    • It may take a while.
  • When it is finished a window should appear with a log.
  • Please copy the contents of the log and paste them here
    • Note: the log will be saved at c:\log.txt

  • 0

#5
pleasehelpmenow

    Member

  • Topic Starter
  • Member
  • 107 posts
I have an error when double-clicking on fixware.reg.

Error message:

"This file does not have a program associated with it for performing this action. Create an associate in the Folder Options control"

:tazz: Now I can't do the reg fix.
  • 0

#6
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hold off on it for now. Let's get a look at what RKFiles finds for us, please.
  • 0

#7
pleasehelpmenow

    Member

  • Topic Starter
  • Member
  • 107 posts
Ok, here is the log :tazz:

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\actskin4.ocx: UPX!
C:\WINDOWS\system32\devil.dll: UPX!
C:\WINDOWS\system32\Ri.ocx: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye
  • 0

#8
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme2.reg (make sure that Save as Type is set to "All Files") on your Desktop. Ensure there is no space above REGEDIT4.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=-


Locate fixme2.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Next,

Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A52534C-C774-400A-9C09-680580901DDA}: NameServer = 85.255.113.139,85.255.112.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CC85215-FFC4-49A8-85ED-45E6514A1836}: NameServer = 85.255.113.139,85.255.112.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8EEACDE-5821-4B24-8A8B-BEE11914C9CA}: NameServer = 85.255.113.139,85.255.112.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A52534C-C774-400A-9C09-680580901DDA}: NameServer = 85.255.113.139,85.255.112.22



Next,
*Please open Notepad and save these instructions; name it something you will remember.
*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\System32\dmcue.exe
cshbi.exe
C:\WINDOWS\system32\Ri.ocx

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Your computer should automatically restart; if not, please restart it manually.

Post back a fresh HJT log, please.
  • 0
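The entries don77 singles out above (the O17 NameServer lines pointing at 85.255.x.x on every adapter, the R1 ProxyServer line and the orphaned O3 toolbar) are exactly the patterns a small log triage script can flag before a human reads the rest. The following Python is an added example, not part of this thread or of HijackThis; the sample lines are copied from the log posted above plus one constructed O17 line with a private LAN resolver for contrast, and the allowlists of known-good resolvers and proxies are parameters the caller supplies.

```python
import ipaddress
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted in this thread,
# plus one constructed O17 line (the last one) with a private router resolver
# so the allowlist logic has a benign case to leave alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.211.74:80
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A52534C-C774-400A-9C09-680580901DDA}: NameServer = 85.255.113.139,85.255.112.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{1CC85215-FFC4-49A8-85ED-45E6514A1836}: NameServer = 192.168.1.1
"""


@dataclass
class Finding:
    kind: str      # "dns-hijack", "proxy-hijack" or "orphan-entry"
    line: str      # the HijackThis line that triggered it
    detail: str    # why it was flagged


# O17: per-adapter DNS servers written under the TCP/IP service parameters.
_O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[\d.,]+)$")
# R1: Internet Settings ProxyServer; all IE traffic is routed through it.
_R1_PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>\S+)$")
# O2/O3: a BHO or toolbar still registered although its DLL is gone.
_ORPHAN_RE = re.compile(r"^O[23] - .*\(no file\)$")


def resolver_is_expected(ip_text: str, trusted: frozenset) -> bool:
    """A resolver is acceptable if it is a private (LAN) address or is on
    the caller's allowlist of known-good resolvers (e.g. the ISP's)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False          # not an IP address at all: treat as unexpected
    return ip.is_private or ip_text in trusted


def triage_hjt_log(log_text: str,
                   trusted_resolvers: frozenset = frozenset(),
                   trusted_proxies: frozenset = frozenset()) -> list:
    """Return one Finding per line that matches a hijack pattern."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _O17_RE.match(line)
        if m:
            servers = [s for s in m.group("servers").split(",") if s]
            bad = [s for s in servers if not resolver_is_expected(s, trusted_resolvers)]
            if bad:
                findings.append(Finding("dns-hijack", line,
                                        "unexpected resolver(s): " + ", ".join(bad)))
            continue
        m = _R1_PROXY_RE.match(line)
        if m and m.group("proxy") not in trusted_proxies:
            findings.append(Finding("proxy-hijack", line,
                                    "proxy not on allowlist: " + m.group("proxy")))
            continue
        if _ORPHAN_RE.match(line):
            findings.append(Finding("orphan-entry", line,
                                    "registered component whose file is missing"))
    return findings


def rogue_resolvers(findings: list) -> list:
    """Distinct resolver addresses behind all dns-hijack findings, sorted, so
    the same pair repeated under several adapter GUIDs is reported once."""
    seen = set()
    for f in findings:
        if f.kind == "dns-hijack":
            seen.update(f.detail.split(": ", 1)[1].split(", "))
    return sorted(seen)


if __name__ == "__main__":
    found = triage_hjt_log(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
    print("rogue resolvers:", rogue_resolvers(found))
```

Feeding the full log from post #1 through the same function flags all four O17 lines with the same two resolvers, which is why the fix has to be applied to every adapter GUID, not just one.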

#9
pleasehelpmenow

    Member

  • Topic Starter
  • Member
  • 107 posts
I can't do this action, like I couldn't do the old one.

Error message:

"This file does not have a program associated with it for performing this action. Create an associate in the Folder Options control"
  • 0

#10
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Make the fixes with HJT and then post back a fresh HJT log for me, please.
  • 0


#11
pleasehelpmenow

    Member

  • Topic Starter
  • Member
  • 107 posts
Logfile of HijackThis v1.99.1
Scan saved at 15:23:12, on 01/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\indigoperl\apache\bin\apache.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Search Engine Commando\ScheduleService.exe
C:\indigoperl\apache\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.211.74:80
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.co...otDateTeleX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15....es/MsnPUpld.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.co...erstarTeleX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127641758093
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toont...5.33/ttinst.cab
O23 - Service: Apache2 - Unknown owner - C:\indigoperl\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Search Engine Commando Schedule Service (SECScheduleService) - Tates Creek Software, LLC - C:\Program Files\Search Engine Commando\ScheduleService.exe
O23 - Service: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\WINDOWS\C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0
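The log above is the kind a helper reads by section tag: the R1 ProxyServer entry (219.93.211.74:80) is the one that explains the redirects, and the O16/O23 lines are the next things to verify. As an added example for this thread (not part of HijackThis or of any post here), the Python script below parses those tagged lines and applies three triage rules; the rules, the "Example" O16/O23 lines and the name `triage` are this example's own assumptions, while the R1 line in the sample is copied from the log above.

```python
"""Triage helper for HijackThis v1.99 log lines.

Added example for this thread; it is not part of HijackThis or of any post
here. It parses the "R0 - ..." / "O23 - ..." lines into records and flags
the entries a malware helper reads first. The flagging rules and the sample
log below are this example's own assumptions: the 219.93.211.74:80 proxy
line is copied from the log posted above, the "Example" lines are made up.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# One HijackThis line: section tag (R0, O2, O23, ...), " - ", free text.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
# The proxy setting as HJT prints it: "...Internet Settings,ProxyServer = host:port"
PROXY_RE = re.compile(r"ProxyServer = (?P<host>[^:\s]+):(?P<port>\d+)")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    body: str


def parse_log(text: str) -> list[Entry]:
    """Keep only the tagged lines; process lists, headers and blanks are dropped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def is_local_proxy(host: str) -> bool:
    """True for localhost, loopback or RFC 1918 addresses only. A hostname or a
    public address comes back False so that a human verifies it."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the three rules this example cares about; log order is kept."""
    findings = []
    for e in entries:
        if e.section == "R1":
            m = PROXY_RE.search(e.body)
            # A proxy on a public IP silently routes every IE request through a
            # third party, which on its own explains "I get redirected".
            if m and not is_local_proxy(m["host"]):
                findings.append(Finding(
                    e.section,
                    f"all browser traffic goes through external proxy {m['host']}:{m['port']}",
                    e.body))
        elif e.section == "O23" and "(file missing)" in e.body:
            # HJT could not find the binary: a leftover of an uninstall, or a
            # file hidden from the scan. Confirm which before fixing the entry.
            findings.append(Finding(
                e.section, "service registered for a binary HJT cannot find", e.body))
        elif e.section == "O16" and "http://" in e.body.lower():
            # DPF = ActiveX controls IE was told to download; an unencrypted
            # source means the installer could have been swapped on the way in.
            findings.append(Finding(
                e.section, "ActiveX control pulled over plain HTTP", e.body))
    return findings


def report(text: str) -> list[str]:
    return [f"[{f.section}] {f.reason}\n    {f.body}" for f in triage(parse_log(text))]


# Constructed sample: the R1 line is from the log above, the O16/O23 "Example"
# lines are made up for this demo.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.211.74:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - http://example.invalid/example.cab
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Program Files\Example\example.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it against a saved hijackthis.log to get the same three kinds of hits; anything it prints is a lead to verify, not a fix list, since `(file missing)` on XP's COM+ and Shadow Copy entries is a known harmless case.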

#12
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Please post back the report.txt, along with a fresh Silent Runners log please.
  • 0
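The procedure above ends with posting report.txt, and an ewido report is mostly tracking-cookie lines. As an added example for this thread (not part of ewido or of any post here), the Python script below reads the "object -> Family : Action" result lines in the format of the report posted next in this thread, separates cookie hits from files and registry keys, and lists whatever was left in place as "Ignored". The noise-versus-infection split and the name `summarize` are this example's own assumptions; the sample lines are copied from the start of that report.

```python
"""Summariser for an ewido security suite report.txt.

Added example for this thread; it is not part of ewido or of any post here.
It reads the "<object> -> <Family> : <Action>" result lines, separates the
tracking-cookie hits from real infections, and lists anything left in place.
The sample report is copied from the first lines of the report posted in
this thread; the "noise vs. infection" split is this example's own rule.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# "<object> -> <Family.Name> : <Action>", e.g.
# "C:\data -> TrojanDownloader.IstBar.ja : Cleaned with backup"
RESULT_RE = re.compile(r"^(?P<obj>.+?) -> (?P<family>\S+) : (?P<action>.+)$")
# ewido tags Mozilla cookie-file hits with an ":mozilla.<n>:" prefix.
COOKIE_RE = re.compile(r"^:mozilla\.\d+:")
REG_HIVES = ("HKU\\", "HKLM\\", "HKCU\\", "HKCR\\")


@dataclass(frozen=True)
class Result:
    obj: str
    family: str
    action: str

    @property
    def is_cookie(self) -> bool:
        return self.family.startswith("Spyware.Cookie.") or bool(COOKIE_RE.match(self.obj))

    @property
    def is_registry(self) -> bool:
        return self.obj.upper().startswith(REG_HIVES)


def parse_report(text: str) -> list[Result]:
    """Keep only result lines; the report header and blank lines are dropped."""
    results = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results.append(Result(m["obj"], m["family"], m["action"]))
    return results


def summarize(results: list[Result]) -> dict:
    cookies = [r for r in results if r.is_cookie]
    real = [r for r in results if not r.is_cookie]
    return {
        # cookies are tracking noise: cleaned or not, they do not run code
        "cookies_cleaned": sum(1 for r in cookies if r.action.startswith("Cleaned")),
        "cookie_families": Counter(r.family.rsplit(".", 1)[-1] for r in cookies),
        # files and registry keys are what to re-check in the next HJT log
        "infections": [(r.obj, r.family, r.action) for r in real],
        "registry_hits": [r.obj for r in real if r.is_registry],
        # "Ignored" means the object is still on the machine
        "left_in_place": [(r.obj, r.family) for r in results if r.action == "Ignored"],
    }


# Sample copied from the first result lines of the report posted in this thread.
SAMPLE_REPORT = r"""
+ Scan result:
C:\Program Files\DAP\DAP.exe -> Spyware.Dap : Ignored
HKU\S-1-5-21-1177238915-1606980848-725345543-1004\Software\IST -> Spyware.ISTBar : Cleaned with backup
C:\data -> TrojanDownloader.IstBar.ja : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Installer\Application Data\Mozilla\Firefox\Profiles\jpyz136c.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
"""

if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print(f"cookies cleaned: {summary['cookies_cleaned']} {dict(summary['cookie_families'])}")
    for obj, family, action in summary["infections"]:
        print(f"{action:20} {family:28} {obj}")
    if summary["left_in_place"]:
        print("still present:", summary["left_in_place"])
```

On the real report the cookie count runs into the hundreds while the non-cookie list is three lines; those three, plus anything under "still present", are what to compare against the next HijackThis and Silent Runners logs.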

#13
pleasehelpmenow

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
ok thanks :tazz:

Ewido Scan report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:   09:40:29, 02/10/2005
+ Report-Checksum:  78C632D5

+ Scan result:
C:\Program Files\DAP\DAP.exe -> Spyware.Dap : Ignored
HKU\S-1-5-21-1177238915-1606980848-725345543-1004\Software\IST -> Spyware.ISTBar : Cleaned with backup
C:\data -> TrojanDownloader.IstBar.ja : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Installer\Application Data\Mozilla\Firefox\Profiles\jpyz136c.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.359:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.392:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.401:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.402:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.403:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.405:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.408:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.409:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.420:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.422:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.423:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Etracker : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Inet-cash : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.503:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.504:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.506:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.519:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.570:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.652:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.654:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.722:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.723:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.730:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.734:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.735:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.736:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.737:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.738:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.739:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.740:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.741:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.742:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.743:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.758:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.764:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.766:C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vrofxfcs.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@adviva[2].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Lee\Cookies\lee@www.epilot[1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Program Files\MessengerDiscovery\killmd.exe -> Spyware.VB : Cleaned with backup
C:\System Volume Information\_restore{A2D5F7A5-A287-4D60-92BA-AD7ADD8EC092}\RP285\A0243390.DLL -> Not-A-Virus.Tool.Game.HotHook : Cleaned with backup
C:\System Volume Information\_restore{A2D5F7A5-A287-4D60-92BA-AD7ADD8EC092}\RP286\A0244376.DLL -> Not-A-Virus.Tool.Game.HotHook : Cleaned with backup
C:\System Volume Information\_restore{A2D5F7A5-A287-4D60-92BA-AD7ADD8EC092}\RP287\A0244440.DLL -> Not-A-Virus.Tool.Game.HotHook : Cleaned with backup
C:\System Volume Information\_restore{A2D5F7A5-A287-4D60-92BA-AD7ADD8EC092}\RP287\A0244441.exe -> TrojanDownloader.IstBar.ja : Cleaned with backup
C:\System Volume Information\_restore{A2D5F7A5-A287-4D60-92BA-AD7ADD8EC092}\RP288\A0244519.DLL -> Not-A-Virus.Tool.Game.HotHook : Cleaned with backup
C:\WINDOWS\system32\H@tKeysH@@k.DLL -> Not-A-Virus.Tool.Game.HotHook : Cleaned with backup


::Report End


HJT Report:

Logfile of HijackThis v1.99.1
Scan saved at 09:43:32, on 02/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\indigoperl\apache\bin\apache.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Search Engine Commando\ScheduleService.exe
C:\WINDOWS\System32\svchost.exe
C:\indigoperl\apache\bin\apache.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.211.74:80
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.co...otDateTeleX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15....es/MsnPUpld.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.co...erstarTeleX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127641758093
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toont...5.33/ttinst.cab
O23 - Service: Apache2 - Unknown owner - C:\indigoperl\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Search Engine Commando Schedule Service (SECScheduleService) - Tates Creek Software, LLC - C:\Program Files\Search Engine Commando\ScheduleService.exe
O23 - Service: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\WINDOWS\C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#14
pleasehelpmenow

    Member

  • Topic Starter
  • Member
  • 107 posts
And the Silent Runners log.

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\McAgent.exe" ["McAfee, Inc"]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["Networks Associates Technology, Inc"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"dmjpl.exe" = "C:\WINDOWS\System32\dmjpl.exe" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0000CC75-ACF3-4cac-A0A9-DD3868E06852}\(Default) = "DAPHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\DAP\DAPBHO.dll" ["Speedbit Ltd."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SmartFTP\smarthook.dll" ["SmartFTP"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csfij.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
HexWorkshopContextMenu\(Default) = "{DB34D5DC-D41A-482E-A5EF-8FA0F88761DA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\BreakPoint Software\Hex Workshop 4.2\hwext.dll" ["BreakPoint Software, Inc."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
M2WShlExMenu\(Default) = "{DC6FA7E0-6666-11D5-8CE2-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Acoustica Audio Converter Pro\M2WShlEx.dll" ["Acoustica"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
UltraEdit-32\(Default) = "{b5eedee0-c06e-11cf-8c56-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\IDM Computer Solutions\UltraEdit-32\ue32ctmn.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
MP3ToWave\(Default) = "{DC6FA7E0-6666-11D5-8CE2-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Acoustica Audio Converter Pro\M2WShlEx.dll" ["Acoustica"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (HOME-1L1FVI41ZY-Installer)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (HOME-1L1FVI41ZY-Lee)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"Norton AntiVirus - Scan my computer - Lee" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{62999427-33FC-4BAF-9C9C-BCE6BD127F08}" = "DAP Bar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\DAP\DAPIEBar.dll" [empty string]

"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["Networks Associates Technology, Inc"]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll" ["Yahoo! Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{E19ADC6E-3909-43E4-9A89-B7B676377EE3}\
"ButtonText" = "Sothink SWF Catcher"
"MenuText" = "Sothink SWF Catcher"
"Script" = "C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apache2, Apache2, ""C:\indigoperl\apache\bin\apache.exe" -k runservice" ["Apache Software Foundation"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "\SystemRoot\c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" [file not found]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Search Engine Commando Schedule Service, SECScheduleService, "C:\Program Files\Search Engine Commando\ScheduleService.exe" ["Tates Creek Software, LLC"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 85 seconds, including 8 seconds for message boxes)

#15
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Make sure you can view all Hidden Files/Folders


Next, reboot into SAFE MODE
Search for and delete the Folders/Files highlighted in BOLD

C:\WINDOWS\System32\dmjpl.exe
csfij.exe <-- Use Start - Search - For Files/Folders to search for this one


Reboot back to normal mode
Run this online scan: ActiveScan
Post back what it finds, along with a fresh Silent Runners log, please.
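To show how the two file names in the instruction above fall out of the Silent Runners log in post #14, here is an added Python triage script; it is not from the thread or from Silent Runners, the sample log is a subset copied from that post, and the parse and triage rules are my own reading of the format.

```python
"""Triage a Silent Runners log: find autostart entries with no publisher.

Silent Runners prints one registry key per block, then NAME = "VALUE" [TAG]
lines, where [TAG] is the company name read from the file's version resource,
[MS] for Microsoft, or [null data] / [empty string] / [file not found] when
there is nothing to read.  "INFECTION WARNING!" marks hook points that malware
likes, not a verdict on the file: the ewido and ATI entries below carry it too
and are legitimate.  Added example; the rules below are an assumption, not
Silent Runners' own logic.
"""
import ntpath
import re

# Constructed sample: a subset of the Silent Runners output posted in #14.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"dmjpl.exe" = "C:\WINDOWS\System32\dmjpl.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csfij.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
"""

ENTRY_RE = re.compile(
    r'^(?P<warn>INFECTION WARNING! )?'   # hook-point marker
    r'(?P<name>"[^"]*"|[^=]+?) = '       # value name, quoted or Key\Name
    r'"(?P<value>.*)"'                   # the data, usually a path
    r'(?: \[(?P<tag>[^\]]*)\])?$'        # [publisher], [MS], [null data] ...
)

# Tags that mean the file carries no company name at all.
NO_PUBLISHER = {"null data", "empty string", "file not found"}


def _tag(m):
    tag = m.group("tag")
    return tag.strip('"') if tag is not None else None


def parse_silent_runners(text):
    """Return a list of dicts with key, name, path, tag and warned."""
    entries, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("HK"):
            # Registry key header; "{++}" just means defaults are listed too.
            key = line.replace(" {++}", "").rstrip("\\")
            continue
        if line.startswith("-> "):
            # CLSID resolution line: carries the real path and publisher.
            m = ENTRY_RE.match(line[3:])
            if m and entries:
                entries[-1]["path"] = m.group("value")
                entries[-1]["tag"] = _tag(m)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({
                "key": key,
                "name": m.group("name").strip('"'),
                "path": m.group("value"),
                "tag": _tag(m),
                "warned": m.group("warn") is not None,
            })
    return entries


def triage(entries):
    """Autostart entries whose file has no publisher string.

    The company name comes from the version resource and is trivially
    forged, so its presence is weak evidence; its absence on something that
    runs at logon or on every shell action is a strong reason to look closer.
    """
    return [
        e for e in entries
        if (e["key"].endswith("\\Run") or e["warned"])
        and e["tag"] in NO_PUBLISHER
    ]


def files_to_search(flagged):
    """Bare file names to hunt for; Winlogon gives csfij.exe with no path."""
    return sorted({ntpath.basename(e["path"]) for e in flagged})


if __name__ == "__main__":
    hits = triage(parse_silent_runners(SAMPLE_LOG))
    for e in hits:
        print(f'{e["key"]}\n  {e["name"]} = {e["path"]} [{e["tag"]}]')
    print("search for:", ", ".join(files_to_search(hits)))
```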