Log of AproposFix v1
************
Running from directory:
C:\Documents and Settings\robert\Desktop\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\CrTOFAHFfl79]
@="488.i41CDDCDDED43IxyrCDDCSFDmYdTemiID4A45u.JIDt3y7u34D:u5.q31sE4A4"
"Device"="\\\\.\\sr2hib"
"DriverPath"="C:\\WINDOWS2\\system32\\drivers\\netmarpc.sys"
"DriverName"="swwmSsp"
"HideUninstallerName"="C:\\Program Files\\Vieudios\\patc32gt.exe"
"UninstallerPath"="C:\\WINDOWS2\\system32\\fpjnetsh.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{038D977F-6B70-451E-AA34-A10D415EE6E9}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS2\\system32\\cisctfrm.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.con...onbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X902adf1-c757-5aca-2304-a9037db5743f}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Vieudios\\rpciplat.exe"
************
Removing hidden service:
Service swwmSsp removed.
Removing hidden folder:
Deletion of folder Vieudios succeeded!
Deleting files:
Deletion of file C:\WINDOWS2\system32\drivers\netmarpc.sys succeeded!
Deletion of file C:\WINDOWS2\system32\msrrccsp.exe succeeded!
Deletion of file C:\WINDOWS2\system32\cisctfrm.dll succeeded!
Deletion of file C:\WINDOWS2\system32\fpjnetsh.exe succeeded!
Backing up files:
Done!
Removing registry entries:
REGEDIT4
[-HKEY_CURRENT_USER\Software\CrTOFAHFfl79]
[-HKEY_LOCAL_MACHINE\Software\CrTOFAHFfl79]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{038D977F-6B70-451E-AA34-A10D415EE6E9}]
Done!
Finished!
Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 4:11:44 PM, on 12/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\LEXBCES.EXE
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\system32\LEXPPS.EXE
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\cisvc.exe
C:\Program Files\Common Files\AOL\1124230273\ee\AOLHostManager.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\AOL\1124230273\ee\AOLServiceHost.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1124230273\ee\AOLServiceHost.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe