System keeps crashing
Started by
donnadoula
, Oct 23 2005 01:44 PM
-
This topic is locked
#1
Posted 23 October 2005 - 01:44 PM
donnadoula
-
- Member
-
- 26 posts
Member
#2
Posted 23 October 2005 - 09:47 PM
donnadoula
- Topic Starter
-
- Member
-
- 26 posts
Member
--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:45:34 PM, 10/23/2005
+ Report-Checksum: 3D0477CE
+ Scan result:
HKLM\SOFTWARE\Classes\AdToolsX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Bho8.adlog -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\Bho8.adlog\CLSID -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\Radio.RadioPlayer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\Shorty.Gopher -> Adware.Shorty : Error during cleaning
HKLM\SOFTWARE\Classes\Shorty.Gopher.1 -> Adware.Shorty : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginConfig\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginEvents\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginServer\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\toolbar.ResProtocol -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol -> Spyware.WebSearch : Error during cleaning
C:\Documents and Settings\AllOfUs\Local Settings\Temporary Internet Files\Content.IE5\9AWJK9QS\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\AllOfUs\Local Settings\Temporary Internet Files\Content.IE5\GRR3US99\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\AllOfUs\Local Settings\Temporary Internet Files\Content.IE5\QPZSPCJU\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\backup-20050627-204119-256.dll -> Spyware.Adstart : Cleaned with backup
C:\Program Files\backup-20050627-204119-510.dll -> Spyware.Adstart : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\Program Files\CxtPls -> Spyware.AproposMedia : Cleaned with backup
C:\Program Files\MaxiFiles\maxifiles.dll -> Spyware.SearchIt : Cleaned with backup
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL -> Spyware.MyWay : Cleaned with backup
C:\WINDOWS\autoload.exe -> Not-A-Virus.Tool.Autoloader : Cleaned with backup
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE -> Spyware.Background : Cleaned with backup
C:\WINDOWS\bsx32 -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI50.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASICLRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASICLV.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIEPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIEZ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIHD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIKAB2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIMBC.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIRCPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASISS2RE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASISSRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\bspace.html -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPC.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPF.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFAM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFI.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFIN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPG.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPH.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPHL.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPJ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPMTV.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPR.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPSHOP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPSP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPW.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\WEBS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\WEBS2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ZNETGP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\installer.dll -> Spyware.Downloadware : Cleaned with backup
C:\WINDOWS\pctptt.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\repair\svcip.dll -> Spyware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\budprn6v.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\hlagecm.exe -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\hoiieef.sys -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\hraoebg.exe -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\hsahefa.vxd -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\htagyaa.exe -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\izhfhd.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\izhfhf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\winsrm32.dll -> Spyware.iLookup : Cleaned with backup
C:\WINDOWS\system32\zlgbud.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\zlgbuf.exe -> Spyware.Adstart : Cleaned with backup
::Report End
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:45:34 PM, 10/23/2005
+ Report-Checksum: 3D0477CE
+ Scan result:
HKLM\SOFTWARE\Classes\AdToolsX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Bho8.adlog -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\Bho8.adlog\CLSID -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\Radio.RadioPlayer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\Shorty.Gopher -> Adware.Shorty : Error during cleaning
HKLM\SOFTWARE\Classes\Shorty.Gopher.1 -> Adware.Shorty : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginConfig\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginEvents\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginServer\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\toolbar.ResProtocol -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol -> Spyware.WebSearch : Error during cleaning
C:\Documents and Settings\AllOfUs\Local Settings\Temporary Internet Files\Content.IE5\9AWJK9QS\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\AllOfUs\Local Settings\Temporary Internet Files\Content.IE5\GRR3US99\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\AllOfUs\Local Settings\Temporary Internet Files\Content.IE5\QPZSPCJU\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\backup-20050627-204119-256.dll -> Spyware.Adstart : Cleaned with backup
C:\Program Files\backup-20050627-204119-510.dll -> Spyware.Adstart : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\Program Files\CxtPls -> Spyware.AproposMedia : Cleaned with backup
C:\Program Files\MaxiFiles\maxifiles.dll -> Spyware.SearchIt : Cleaned with backup
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL -> Spyware.MyWay : Cleaned with backup
C:\WINDOWS\autoload.exe -> Not-A-Virus.Tool.Autoloader : Cleaned with backup
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE -> Spyware.Background : Cleaned with backup
C:\WINDOWS\bsx32 -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI50.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASICLRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASICLV.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIEPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIEZ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIHD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIKAB2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIMBC.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIRCPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASISS2RE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASISSRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\bspace.html -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPC.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPF.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFAM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFI.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFIN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPG.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPH.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPHL.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPJ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPMTV.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPR.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPSHOP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPSP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPW.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\WEBS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\WEBS2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ZNETGP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\installer.dll -> Spyware.Downloadware : Cleaned with backup
C:\WINDOWS\pctptt.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\repair\svcip.dll -> Spyware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\budprn6v.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\hlagecm.exe -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\hoiieef.sys -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\hraoebg.exe -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\hsahefa.vxd -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\htagyaa.exe -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\izhfhd.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\izhfhf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\winsrm32.dll -> Spyware.iLookup : Cleaned with backup
C:\WINDOWS\system32\zlgbud.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\zlgbuf.exe -> Spyware.Adstart : Cleaned with backup
::Report End
#3
Posted 31 October 2005 - 05:54 PM
donnadoula
- Topic Starter
-
- Member
-
- 26 posts
Member
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:29:03 PM, 10/30/2005
+ Report-Checksum: 71EB5FD9
+ Scan result:
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\Radio.RadioPlayer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\Shorty.Gopher -> Adware.Shorty : Error during cleaning
HKLM\SOFTWARE\Classes\Shorty.Gopher.1 -> Adware.Shorty : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginConfig\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginEvents\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginServer\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\toolbar.ResProtocol -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol -> Spyware.WebSearch : Error during cleaning
C:\Documents and Settings\AllOfUs\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\AllOfUs\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\AllOfUs\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\AllOfUs\Local Settings\Temporary Internet Files\Content.IE5\Q7NB131S\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\WINDOWS\repair\svcip.dll -> Spyware.Virtumonde : Cleaned with backup
C:\WINDOWS\system\QBUninstaller.exe -> TrojanDownloader.Small.aly : Cleaned with backup
C:\WINDOWS\system32\hlagecm.exe -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\hraoebg.exe -> Trojan.Painwin.a : Cleaned with backup
::Report End
****************** here's the Panda Report****************************
Incident Status Location
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\repair\svcip.dll
Adware:adware/afaenhance No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/isearch No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\initial.inf
Adware:adware/toprebates No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\WinadX.inf
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Dialer:dialer.bny No disinfected C:\WINDOWS\pcconfig.dat
Dialer:dialer.b No disinfected C:\WINDOWS\tmlpcert2005
Adware:adware/fizzle No disinfected C:\PROGRAM FILES\FwBarTemp
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\MaxiFiles
Adware:adware/winad No disinfected C:\PROGRAM FILES\Winad Client
Adware:adware/beginto No disinfected C:\WINDOWS\SYSTEM32\cache32_dsktptr
Adware:adware/cws No disinfected C:\Documents and Settings\AllOfUs\Favorites\Living
Adware:adware/ncase No disinfected C:\WINDOWS\180Solutions
Spyware:spyware/dyfuca No disinfected C:\WINDOWS\STWSI
Adware:adware/wupd No disinfected Windows Registry
Adware:Adware/Thecoolbar No disinfected C:\Program Files\FwBarTemp\cohelper.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\Downloaded Program Files\initial.inf
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\WinadX.inf
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\repair\svcip.dll
Spyware:Spyware/SafeSurf No disinfected C:\WINDOWS\system32\imwireup.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\unpack.exe
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:29:03 PM, 10/30/2005
+ Report-Checksum: 71EB5FD9
+ Scan result:
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\Radio.RadioPlayer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\Shorty.Gopher -> Adware.Shorty : Error during cleaning
HKLM\SOFTWARE\Classes\Shorty.Gopher.1 -> Adware.Shorty : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginConfig\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginEvents\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginServer\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\toolbar.ResProtocol -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol -> Spyware.WebSearch : Error during cleaning
C:\Documents and Settings\AllOfUs\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\AllOfUs\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\AllOfUs\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\AllOfUs\Local Settings\Temporary Internet Files\Content.IE5\Q7NB131S\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\WINDOWS\repair\svcip.dll -> Spyware.Virtumonde : Cleaned with backup
C:\WINDOWS\system\QBUninstaller.exe -> TrojanDownloader.Small.aly : Cleaned with backup
C:\WINDOWS\system32\hlagecm.exe -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\hraoebg.exe -> Trojan.Painwin.a : Cleaned with backup
::Report End
****************** here's the Panda Report****************************
Incident Status Location
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\repair\svcip.dll
Adware:adware/afaenhance No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Adware:adware/isearch No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\initial.inf
Adware:adware/toprebates No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\WinadX.inf
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Dialer:dialer.bny No disinfected C:\WINDOWS\pcconfig.dat
Dialer:dialer.b No disinfected C:\WINDOWS\tmlpcert2005
Adware:adware/fizzle No disinfected C:\PROGRAM FILES\FwBarTemp
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\MaxiFiles
Adware:adware/winad No disinfected C:\PROGRAM FILES\Winad Client
Adware:adware/beginto No disinfected C:\WINDOWS\SYSTEM32\cache32_dsktptr
Adware:adware/cws No disinfected C:\Documents and Settings\AllOfUs\Favorites\Living
Adware:adware/ncase No disinfected C:\WINDOWS\180Solutions
Spyware:spyware/dyfuca No disinfected C:\WINDOWS\STWSI
Adware:adware/wupd No disinfected Windows Registry
Adware:Adware/Thecoolbar No disinfected C:\Program Files\FwBarTemp\cohelper.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\Downloaded Program Files\initial.inf
Adware:Adware/WUpd No disinfected C:\WINDOWS\Downloaded Program Files\WinadX.inf
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\repair\svcip.dll
Spyware:Spyware/SafeSurf No disinfected C:\WINDOWS\system32\imwireup.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\system32\unpack.exe
#4
Posted 01 November 2005 - 09:44 PM
donnadoula
- Topic Starter
-
- Member
-
- 26 posts
Member
Logfile of HijackThis v1.99.1
Scan saved at 9:43:13 PM, on 11/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.valornet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valornet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\ddawt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\svcip.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VidiaDrivers] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O15 - Trusted Zone: http://www.principal.com
O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/.../v4/EARTP8X.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126838937584
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://www.contentwa...uditControl.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: ddawt - ddawt.dll (file missing)
O20 - Winlogon Notify: svcip - C:\WINDOWS\repair\svcip.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: htagyaa - Unknown owner - C:\WINDOWS\system32\htagyaa.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MMtask Engine (MMtaskEngine) - Unknown owner - C:\WINDOWS\System32\mmtask.exe (file missing)
Scan saved at 9:43:13 PM, on 11/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.valornet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valornet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\ddawt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\svcip.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VidiaDrivers] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_3 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O15 - Trusted Zone: http://www.principal.com
O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/.../v4/EARTP8X.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126838937584
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://www.contentwa...uditControl.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: ddawt - ddawt.dll (file missing)
O20 - Winlogon Notify: svcip - C:\WINDOWS\repair\svcip.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: htagyaa - Unknown owner - C:\WINDOWS\system32\htagyaa.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MMtask Engine (MMtaskEngine) - Unknown owner - C:\WINDOWS\System32\mmtask.exe (file missing)
#5
Posted 01 November 2005 - 11:08 PM
pomp
-
- Member
-
- 1,366 posts
the man
Now please open IE.. go to tools-windows update.. and Update everything possible. Especially installing SP2. When all of that is done, even going back to windows update and seeing what's available after installing SP2. When all that is done then, restart computer, then scan with hijackthis and post a new log!
Edited by pomp86, 01 November 2005 - 11:12 PM.
Similar Topics
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
