WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
hijackthis log + systemuptodate.net IE hijack
Started by
ravingmadman
, May 30 2006 07:57 AM
-
This topic is locked
16 replies to this topic
#1
ravingmadman
-
- Authentic Member
-
- 6 posts
New Member
Posted 30 May 2006 - 07:57 AM
Register to Remove
#2
Susan528
-
- Authentic Member
-
- 3,194 posts
SuperMember
Posted 01 June 2006 - 10:38 AM
Hello ravingmadman, welcome to the TC Forums.
Please do the following and then I will evaluate the rapport.txt and give you the next step.
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
______________________________
Please download the trial version of Ewido anti-malware 3.5 from here:
http://www.ewido.net/en/download/
Once finished updating, close Ewido.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Please post (reply) with the rapport.txt
Please do the following and then I will evaluate the rapport.txt and give you the next step.
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
______________________________
Please download the trial version of Ewido anti-malware 3.5 from here:
http://www.ewido.net/en/download/
- Install Ewido anti-malware.
- When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
- When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
- The program will prompt you to update. Click the Ok button.
- The program will now go to the main screen.
- On the left-hand side of the main screen click the Update Button.
- Click on Start.
Once finished updating, close Ewido.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Please post (reply) with the rapport.txt
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#3
Folitician
-
- New Member
-
- 4 posts
New Member
Posted 03 June 2006 - 01:10 AM
Hi,
After following your instructions so far, could you have a look at my rapport log?
Cheers
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mike Brown\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKEBR~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{62eb0924-19d2-4226-b4b9-8ad1f70904c1}"="bronchovascular"
[HKEY_CLASSES_ROOT\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
@="blank"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
@="blank"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
#4
Susan528
-
- Authentic Member
-
- 3,194 posts
SuperMember
Posted 03 June 2006 - 01:19 AM
Clean
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Reboot your computer in Safe Mode.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Clean out your Temporary Internet files. Proceed like this:
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
______________________________
Please post:
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Clean out your Temporary Internet files. Proceed like this:
- Quit Internet Explorer and quit any instances of Windows Explorer.
- Click Start, click Control Panel, and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
- On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
- Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
- Click OK.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
- Click on Scanner
- Click on Settings
- Under How to scan all boxes should be checked
- Under Unwanted Software all boxes should be checked
- Under What to scan select Scan every file
- Click on Ok
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
- Click Save Report button
- Save the report to your Desktop
______________________________
Please post:
- c:\rapport.txt
- Ewido log
- A new HijackThis log
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#5
Folitician
-
- New Member
-
- 4 posts
New Member
Posted 03 June 2006 - 06:17 AM
Susan,
Looks like your tips helped? Here are the logs you requested.
Thanks
Mike
Rapport
SmitFraudFix v2.53
Scan done at 13:09:53.06, 03/06/2006
Run from C:\Documents and Settings\Mike Brown\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mike Brown\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKEBR~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
EWIDO
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 12:27:01, 03/06/2006
+ Report-Checksum: 72CD6526
+ Scan result:
C:\Documents and Settings\Mike Brown\Cookies\mike brown@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mike Brown\Cookies\mike brown@computershopper.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Mike Brown\Cookies\mike brown@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
E:\Program Files\BitTorrent\bittorrent.exe -> Logger.KeyLogger.jm : Cleaned with backup
E:\Program Files\BitTorrent\choose_language.exe -> Logger.KeyLogger.jm : Cleaned with backup
E:\Program Files\BitTorrent\maketorrent.exe -> Logger.KeyLogger.jm : Cleaned with backup
E:\Program Files\Media-Codec -> Trojan.Small : Cleaned with backup
E:\Program Files\Media-Codec\uninst.exe -> Trojan.Small : Cleaned with backup
::Report End
Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 13:08:36, on 03/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Xfire\Xfire.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavHook Object - {07D7F044-2F5F-41B2-BAA5-936814AF0163} - E:\Program Files\Pure Networks\Network Magic\nmbrhelp.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nmapp] "E:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SSC Service Utility] E:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143286217671
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - E:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Looks like your tips helped? Here are the logs you requested.
Thanks
Mike
Rapport
SmitFraudFix v2.53
Scan done at 13:09:53.06, 03/06/2006
Run from C:\Documents and Settings\Mike Brown\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mike Brown\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MIKEBR~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
EWIDO
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 12:27:01, 03/06/2006
+ Report-Checksum: 72CD6526
+ Scan result:
C:\Documents and Settings\Mike Brown\Cookies\mike brown@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mike Brown\Cookies\mike brown@computershopper.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Mike Brown\Cookies\mike brown@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
E:\Program Files\BitTorrent\bittorrent.exe -> Logger.KeyLogger.jm : Cleaned with backup
E:\Program Files\BitTorrent\choose_language.exe -> Logger.KeyLogger.jm : Cleaned with backup
E:\Program Files\BitTorrent\maketorrent.exe -> Logger.KeyLogger.jm : Cleaned with backup
E:\Program Files\Media-Codec -> Trojan.Small : Cleaned with backup
E:\Program Files\Media-Codec\uninst.exe -> Trojan.Small : Cleaned with backup
::Report End
Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 13:08:36, on 03/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Xfire\Xfire.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavHook Object - {07D7F044-2F5F-41B2-BAA5-936814AF0163} - E:\Program Files\Pure Networks\Network Magic\nmbrhelp.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nmapp] "E:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SSC Service Utility] E:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143286217671
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - E:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
#6
Susan528
-
- Authentic Member
-
- 3,194 posts
SuperMember
Posted 03 June 2006 - 10:58 AM
Folitician you are not ravingmadman! You just answered my reply to him and I responded to you. Why didn't you start a new post?
Edited by Susan528, 03 June 2006 - 03:01 PM.
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#7
Susan528
-
- Authentic Member
-
- 3,194 posts
SuperMember
Posted 03 June 2006 - 04:28 PM
Hello Folitician,
Since ravingmadman does not seem to be around, let's finish this up.
Disable TeaTimer:
Please disable TeaTimer as it may hinder the removal of some entries. You can re-enable it after you're clean.To disable TeaTimer:
Scan with HijackThis. Place a check against each of the following:
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.
Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Post(reply) with a fresh HijackThis log and the Kapersky results and we will take another look.
Since ravingmadman does not seem to be around, let's finish this up.
Disable TeaTimer:
Please disable TeaTimer as it may hinder the removal of some entries. You can re-enable it after you're clean.To disable TeaTimer:
- Run Spybot-S&D
- Go to the Mode menu , and make sure "Advanced Mode " is selected
- On the left hand side, choose Tools -> Resident
- Uncheck "Resident TeaTimer " and OK any prompts
- Restart your computer.
Scan with HijackThis. Place a check against each of the following:
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.
Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Standard
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- Select My Computer
- This will program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
Post(reply) with a fresh HijackThis log and the Kapersky results and we will take another look.
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#8
Folitician
-
- New Member
-
- 4 posts
New Member
Posted 04 June 2006 - 05:09 PM
Susan
The virus scan came up clean...
Here is the latest HIjack log
Logfile of HijackThis v1.99.1
Scan saved at 00:03:44, on 05/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Xfire\Xfire.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavHook Object - {07D7F044-2F5F-41B2-BAA5-936814AF0163} - E:\Program Files\Pure Networks\Network Magic\nmbrhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nmapp] "E:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SSC Service Utility] E:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143286217671
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - E:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Thanks for your help
Mike
The virus scan came up clean...
Here is the latest HIjack log
Logfile of HijackThis v1.99.1
Scan saved at 00:03:44, on 05/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\Program Files\Pure Networks\Network Magic\nmapp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Xfire\Xfire.exe
E:\Program Files\Executive Software\Diskeeper\DkService.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavHook Object - {07D7F044-2F5F-41B2-BAA5-936814AF0163} - E:\Program Files\Pure Networks\Network Magic\nmbrhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nmapp] "E:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SSC Service Utility] E:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143286217671
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - E:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Thanks for your help
Mike
#9
Susan528
-
- Authentic Member
-
- 3,194 posts
SuperMember
Posted 05 June 2006 - 04:32 AM
Hello Folitician,
Your hijackthis log appears to be clean.
I don't see an anti-virus and you must be depending on the Windows XP firewall. There are anti-virus and firewall applications that are free for personal use. Please read below.
Also you need to update your Java. New version has been released.
Please follow the recommendations below in order to reduce your chances of becoming infected.
STEP 1.
======
Cleanmgr
To clean temporary files:
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder
STEP 3.
======
System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
Turn ON System Restore.
STEP 4.
======
DON’T BECOME OVERCONFIDENT WITH ANTIVIRUS APPLICATIONS INSTALLED!!!
http://forum.malware...39eba6ea0b5e8ee
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Thank you for allowing me to assist you.
Susan
Your hijackthis log appears to be clean.
I don't see an anti-virus and you must be depending on the Windows XP firewall. There are anti-virus and firewall applications that are free for personal use. Please read below.
Also you need to update your Java. New version has been released.
Please follow the recommendations below in order to reduce your chances of becoming infected.
STEP 1.
======
Cleanmgr
To clean temporary files:
- Go > start > run and type cleanmgr and click OK
- Scan your system for files to remove.
- Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
- Click OK to remove those files.
- Click Yes to confirm deletion.
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder
STEP 3.
======
System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
- Turn off System Restore.
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- Check Turn off System Restore.
- Click Apply, and then click OK.
Turn ON System Restore.
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- UN-Check *Turn off System Restore*.
- Click Apply, and then click OK.
STEP 4.
======
DON’T BECOME OVERCONFIDENT WITH ANTIVIRUS APPLICATIONS INSTALLED!!!
http://forum.malware...39eba6ea0b5e8ee
Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.
"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
- Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources
- Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
- Test your Firewall - Please test your firewall and make sure it is working properly.
Test Firewall
- Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
- Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
- Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
- Update your Java to the latest version. Uninstall any and all versions you have listed in add/remove programs and install the latest version from here:
https://sdlc6c.sun.c...4E1EA2D176EE3EA
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
- More info on how to prevent malware you can also find here (By Tony Klein)
Thank you for allowing me to assist you.
Susan
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#10
ravingmadman
-
- Authentic Member
-
- 6 posts
New Member
Posted 05 June 2006 - 06:57 AM
hi susan,
sorry i didnt get back earlier but i hope you can help me as you did folitician who hijacked my query!
here is the rapport.
SmitFraudFix v2.53
Scan done at 18:31:30.14, Mon 06/05/2006
Run from C:\Documents and Settings\Dr. Thapa\Desktop\hijack\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dr. Thapa\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DRDD0D~1.THA\FAVORI~1
C:\DOCUME~1\DRDD0D~1.THA\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Security Toolbar\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a0c51615-738a-4542-801a-5af61614e182}"="bedimples"
[HKEY_CLASSES_ROOT\CLSID\{a0c51615-738a-4542-801a-5af61614e182}\InProcServer32]
@="C:\WINDOWS\System32\higjxe.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{a0c51615-738a-4542-801a-5af61614e182}\InProcServer32]
@="C:\WINDOWS\System32\higjxe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{62eb0924-19d2-4226-b4b9-8ad1f70904c1}"="bronchovascular"
[HKEY_CLASSES_ROOT\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
@="C:\WINDOWS\System32\hvnwm.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
@="C:\WINDOWS\System32\hvnwm.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
thanks
rm
Register to Remove
#11
Susan528
-
- Authentic Member
-
- 3,194 posts
SuperMember
Posted 05 June 2006 - 07:38 AM
Hello ravingmadman,
I am sorry that I did not catch the switch.
Please do the following:
Clean
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Reboot your computer in Safe Mode.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Clean out your Temporary Internet files. Proceed like this:
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
______________________________
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing
Y and hit Enter.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________
Please post:
I am sorry that I did not catch the switch.
Please do the following:
Clean
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Clean out your Temporary Internet files. Proceed like this:
- Quit Internet Explorer and quit any instances of Windows Explorer.
- Click Start, click Control Panel, and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
- On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
- Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
- Click OK.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
- Click on Scanner
- Click on Settings
- Under How to scan all boxes should be checked
- Under Unwanted Software all boxes should be checked
- Under What to scan select Scan every file
- Click on Ok
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
- Click Save Report button
- Save the report to your Desktop
______________________________
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing
Y and hit Enter.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________
Please post:
- c:\rapport.txt
- Ewido log
- A new HijackThis log
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#12
Folitician
-
- New Member
-
- 4 posts
New Member
Posted 05 June 2006 - 12:46 PM
Susan,
Thanks for your time and help, I really appreciate it.
I do run Kaspersky AV Personal Pro and I am using a firewall through my Netgear Router. I think one of my kids caused the problem that you were able to fix for me.
Ravingmad
Sorry for Hijacking your post. I am sure Susan will be able tosort out your problem too, good luck.
Thanks for all your help and support
Folitician
#13
ravingmadman
-
- Authentic Member
-
- 6 posts
New Member
Posted 06 June 2006 - 02:22 AM
hi susan
here's the three logs you requested:
RAPPORT
SmitFraudFix v2.53
Scan done at 10:46:01.34, Tue 06/06/2006
Run from C:\Documents and Settings\Dr. Thapa\Desktop\hijack\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a0c51615-738a-4542-801a-5af61614e182}"="bedimples"
[HKEY_CLASSES_ROOT\CLSID\{a0c51615-738a-4542-801a-5af61614e182}\InProcServer32]
@="C:\WINDOWS\System32\higjxe.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{a0c51615-738a-4542-801a-5af61614e182}\InProcServer32]
@="C:\WINDOWS\System32\higjxe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{62eb0924-19d2-4226-b4b9-8ad1f70904c1}"="bronchovascular"
[HKEY_CLASSES_ROOT\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
@="C:\WINDOWS\System32\hvnwm.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
@="C:\WINDOWS\System32\hvnwm.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\DRDD0D~1.THA\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\Security Toolbar\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\System32\higjxe.dll -> Missing File
C:\WINDOWS\System32\hvnwm.dll -> Missing File
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
EWIDO
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 1:08:28 PM, 6/6/2006
+ Report-Checksum: BB7ED7EF
+ Scan result:
:mozilla.47:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Dr. Thapa\Application Data\Mozilla\Firefox\Profiles\ii496f4j.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.11:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.13:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.61:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.62:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.63:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.64:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.65:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.66:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.67:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.68:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.69:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.70:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.71:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.72:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.73:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.74:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.75:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.76:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.81:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.83:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.84:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.85:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.86:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.88:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.89:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.90:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.91:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.92:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.93:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.103:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.104:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.105:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.107:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.108:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.109:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.115:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.116:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.117:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.118:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.119:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.120:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.121:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.122:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.123:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.124:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.125:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.126:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.127:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.128:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.129:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.130:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.131:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.133:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.136:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Oewabox : Cleaned with backup
:mozilla.137:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.145:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.146:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.161:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.170:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.172:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.189:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.192:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.200:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.201:F:\WINDOWS\Application Data\Mozilla\Profiles\default\0aedh474.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
::Report End
HIJACK THIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 1:55:30 PM, on 6/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
C:\Program Files\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe
D:\care\Nepali Calender\Calendar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\slrundll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Dr. Thapa\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Encarta Dictionary Quickshelf.lnk = C:\Program Files\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe
O4 - Startup: Dual Calendar.Lnk = D:\care\Nepali Calender\Calendar.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFDE1ACB-3012-43BA-9384-654AEE553347}: NameServer = 202.79.32.35 202.79.32.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
#14
Susan528
-
- Authentic Member
-
- 3,194 posts
SuperMember
Posted 06 June 2006 - 06:48 AM
Hello ravingmadman,
Your hijackthis log appears to be clean. How is your computer running?
Let's run Option 1 again just to check things.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Please post the results in your next reply:
C:\rapport.txt
=================
Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
=========================
Please post (reply) with the C:\rapport.txt, the results from Kapersky, and a new hijackthis.
Your hijackthis log appears to be clean. How is your computer running?
Let's run Option 1 again just to check things.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Please post the results in your next reply:
C:\rapport.txt
=================
Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner
Next Click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Standard
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- Select My Computer
- This will program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
=========================
Please post (reply) with the C:\rapport.txt, the results from Kapersky, and a new hijackthis.
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#15
ravingmadman
-
- Authentic Member
-
- 6 posts
New Member
Posted 06 June 2006 - 11:48 PM
susan,
the computer seems to be running smoother thanks to you, BUT: the monitor still flashes yellow every now and again, or is tinged yellow (i'm not sure if this is a separate problem), and every hour or so I still get the following security message (admittedly a great improvement on the messages I was getting every 3 minutes before I came to the forum):
Message from Security Alert to Monitor
Important Windows Security Bulletin
Buffer Overrun in Messenger Service allows remote code execution, virus infection and unexpected computer shutdowns
Affected software
Microsoft Windows NT Workstation
Microsoft Windons NT NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win 98
Microsoft Windows Server 2003
Non-affected software
Microsoft Windows Millennium Edition
Download Patch
www.patchupdate.info
(or alternatively it gives this address: www.dlpatch.com)
My computer runs on Microsoft Windows XP Professional, Version 2002, Service Pack 2
---------
The Kapersky scan was clean, so had no report (empty).
Here follows the rapport txt and the new hijack log:
SmitFraudFix v2.53
Scan done at 0:08:48.05, Wed 06/07/2006
Run from C:\Documents and Settings\Dr. Thapa\Desktop\rabi\hijack\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dr. Thapa\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DRDD0D~1.THA\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
----------
Logfile of HijackThis v1.99.1
Scan saved at 11:17:40 AM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe
D:\care\Nepali Calender\Calendar.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dr. Thapa\Desktop\rabi\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Encarta Dictionary Quickshelf.lnk = C:\Program Files\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe
O4 - Startup: Dual Calendar.Lnk = D:\care\Nepali Calender\Calendar.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFDE1ACB-3012-43BA-9384-654AEE553347}: NameServer = 202.79.32.35 202.79.32.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
thanks so much again!
rm
the computer seems to be running smoother thanks to you, BUT: the monitor still flashes yellow every now and again, or is tinged yellow (i'm not sure if this is a separate problem), and every hour or so I still get the following security message (admittedly a great improvement on the messages I was getting every 3 minutes before I came to the forum):
Message from Security Alert to Monitor
Important Windows Security Bulletin
Buffer Overrun in Messenger Service allows remote code execution, virus infection and unexpected computer shutdowns
Affected software
Microsoft Windows NT Workstation
Microsoft Windons NT NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win 98
Microsoft Windows Server 2003
Non-affected software
Microsoft Windows Millennium Edition
Download Patch
www.patchupdate.info
(or alternatively it gives this address: www.dlpatch.com)
My computer runs on Microsoft Windows XP Professional, Version 2002, Service Pack 2
---------
The Kapersky scan was clean, so had no report (empty).
Here follows the rapport txt and the new hijack log:
SmitFraudFix v2.53
Scan done at 0:08:48.05, Wed 06/07/2006
Run from C:\Documents and Settings\Dr. Thapa\Desktop\rabi\hijack\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dr. Thapa\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DRDD0D~1.THA\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
----------
Logfile of HijackThis v1.99.1
Scan saved at 11:17:40 AM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe
D:\care\Nepali Calender\Calendar.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dr. Thapa\Desktop\rabi\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Encarta Dictionary Quickshelf.lnk = C:\Program Files\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe
O4 - Startup: Dual Calendar.Lnk = D:\care\Nepali Calender\Calendar.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: QuickDefine - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\eddefine.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFDE1ACB-3012-43BA-9384-654AEE553347}: NameServer = 202.79.32.35 202.79.32.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
thanks so much again!
rm
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
