Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
I Can't stop the pop-ups....
Here is my HJT log. I just went through a lot to get rid of a virus, but now I have all these pop-ups and everything is a mess! I would sure appreciate your help!
Logfile of HijackThis v1.99.1
Scan saved at 2:31:40 PM, on 2/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\WINDOWS\elitemediapop.exe
C:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\hpsw.exe
C:\WINDOWS\system32\wgse.exe
C:\Program Files\arlr\tsnt.exe
C:\WINDOWS\system32\??oolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\kwinnsap.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {58EE20B9-9552-EE85-2A75-CBCE18B8E3B6} - C:\WINDOWS\system32\jgjwffi.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINDOWS\system32\nsa89.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O2 - BHO: (no name) - {58EE20B9-9552-EE85-2A75-CBCE18B8E3B6} - C:\WINDOWS\system32\jgjwffi.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmmbez.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RecoverFromReboot.SS] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lldpx4.exe reg_run
O4 - HKLM\..\Run: [{19-9E-E9-95-ZN}] C:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\kwinnsap.exe FI002
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [Auaa] "C:\Program Files\arlr\tsnt.exe" -vt yazb
O4 - HKCU\..\Run: [Qoqt] C:\WINDOWS\system32\??oolsv.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinnsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\ZIFI002.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120273042890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138129059484
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c17.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.msishopper.net/Site/Recei...eUploader3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3313.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
#2
Hi,
1- Download this uninstaller. Run it and reboot.
2- Download miekiemoes' LQfix batch here: http://www.downloads.subratam.org/LQfix.zip
Unzip it to the desktop but do NOT run it yet.
3- Update Ewido.

Reboot your computer in SafeMode.

1- Run LQfix.bat.
2- Still in safe mode, run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop
Close Ewido

Reboot in normal mode and here:
- Post a new HijackThis log.
- Copy/paste the Ewido report, please.
#3
HijackThis log and Ewido log
Here they are! Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 5:43:12 PM, on 2/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe
C:\Program Files\arlr\tsnt.exe
C:\WINDOWS\system32\r?gedit.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {04B47FBC-C107-B1D2-2C75-CBCE18B8B8BB} - C:\WINDOWS\system32\nans.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINDOWS\system32\nsa89.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {04B47FBC-C107-B1D2-2C75-CBCE18B8B8BB} - C:\WINDOWS\system32\nans.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll (file missing)
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmmbez.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RecoverFromReboot.SS] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [Auaa] "C:\Program Files\arlr\tsnt.exe" -vt yazb
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [Bor] C:\WINDOWS\system32\r?gedit.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinnsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120273042890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138129059484
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c17.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.msishopper.net/Site/Recei...eUploader3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3313.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
#4
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:37:57 PM, 2/6/2006
+ Report-Checksum: D646F8D4

+ Scan result:

HKLM\SOFTWARE\Clickspring -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-1390067357-1123561945-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-1390067357-1123561945-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nnta.exe -> Downloader.Qoologic.ac : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.****-access : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\cookies.txt -> Spyware.Cookie.2o7 :
Cleaned with backup :mozilla.173:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Overture : Cleaned with backup :mozilla.189:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.190:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.191:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.192:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.193:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.194:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.195:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.196:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.197:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup :mozilla.202:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.203:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo 
kies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup :mozilla.204:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.205:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.206:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.207:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.208:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.209:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.210:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup :mozilla.214:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup :mozilla.246:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.247:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.248:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.249:C:\Documents and Settings\Geoff\Application 
Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.250:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.251:C:\Documents and Settings\Geoff\Application Data\Mozilla\Firefox\Profiles\f7p5ebka.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup :mozilla.263:C:\Documents and Settings\Geoff\Application |
#5
|
|||
|
|||
C:\Documents and Settings\Geoff\Local Settings\Temp\adwsetup_upd.exe -> Dropper.Agent.abb : Cleaned with backup
C:\Documents and Settings\Geoff\Local Settings\Temp\F9A85.tmp/drwst.exe -> Adware.MDH : Cleaned with backup
C:\Documents and Settings\Geoff\Local Settings\Temp\mndcntas.tmp -> Adware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\41YNKXMZ\htwfdr[1].exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\45YRI3W9\adsetup_silent.1.32[1].exe -> Dropper.Agent.abb : Cleaned with backup
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\492B8LIZ\titdric[1].cab/drwst.exe -> Adware.MDH : Cleaned with backup
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\492B8LIZ\WinATS[1].cab/WinATS.dll -> Adware.Mirar : Cleaned with backup
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\GHIV89MZ\login[2].htm -> Logger.Paylap.hp : Cleaned with backup
C:\Documents and Settings\Geoff\Local Settings\Temporary Internet Files\Content.IE5\XSTD395R\876057[1].exe -> Adware.Mirar : Cleaned with backup
C:\Program Files\Jalmp\jalmp.dll -> Adware.Suggestor : Cleaned with backup
C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll -> Adware.Agent : Cleaned with backup
C:\Program Files\Zango Programs\Zango Toolbar\ZangoTBUninstaller.exe -> Adware.180Solutions : Cleaned with backup
C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\htwfdr.exe -> Downloader.Small.bmx : Cleaned with backup
C:\WINDOWS\system32\bboaxrn.exe -> Downloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\hpsw.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\irismon.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\jjbar.dll -> Downloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\kwinnsap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\lldpx4.exe -> Downloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\ppvug.dat -> Downloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\rmdsregk.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\ssgsfkj.dll -> Downloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\wgse.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32\WinATS.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
::Report End |
#6
|
|||
|
|||
A good cleaning!
We'll end with this:

1- Close all browser windows, run only HijackThis and tick:

R3 - URLSearchHook: (no name) - {04B47FBC-C107-B1D2-2C75-CBCE18B8B8BB} - C:\WINDOWS\system32\nans.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINDOWS\system32\nsa89.dll
O2 - BHO: (no name) - {04B47FBC-C107-B1D2-2C75-CBCE18B8B8BB} - C:\WINDOWS\system32\nans.dll
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll (file missing)
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmmbez.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKCU\..\Run: [Auaa] "C:\Program Files\arlr\tsnt.exe" -vt yazb
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [Bor] C:\WINDOWS\system32\r?gedit.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinnsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe

Click "Fix checked" and close HijackThis.

2- Download Pocket Killbox from HERE. Run Killbox and paste the full file path of each of the below files in the box and tick "Delete on Reboot". Next click on the button with the red circle and an X in the middle ("Delete file"). You will get a message saying "File will be deleted on next reboot". Click "Yes", and another: "Files will be removed on reboot. Do you want to reboot now?". Click "No". Click "Yes" after the last file and let the computer reboot.

C:\Program Files\arlr\tsnt.exe
C:\WINDOWS\system32\irssyncd.exe
C:\WINDOWS\system32\kwinnsap.exe
C:\WINDOWS\system32\dwdsregt.exe

3- After the reboot: Download DelDomains on your desktop. Right click it and choose "Install".

After all that, post a new log and let me know how the computer is running, please. |
#7
|
|||
|
|||
Recent HJT log
Here it is...
Logfile of HijackThis v1.99.1
Scan saved at 2:22:38 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RecoverFromReboot.SS] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120273042890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138129059484
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c17.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.msishopper.net/Site/Recei...eUploader3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3313.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

My computer seems to be running OK for the moment, lol... |
#8
|
|||
|
|||
OK. Nearly clean.
Run HijackThis and check:

O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll

Click "Fix checked" and close HijackThis.

Now, run Pocket Killbox again. In "Paste full path of file..", copy/paste:

C:\PROGRA~1\Jalmp\jalmp.dll

Tick "Delete on reboot". Click "Delete file" (the white cross). Let the computer reboot and post a new log, please. I think that everything will be OK. |
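The follow-up check in this exchange (re-scan, then look for anything still pointing at a file that was already fixed) can be scripted. The Python below is an added example, not part of the thread or of HijackThis; the function names are hypothetical, the sample lines are excerpted from the logs posted above, and it assumes the log is in HijackThis's native one-entry-per-line layout.

```python
import re

# A HijackThis entry is "<section> - <details>", e.g. "O18 - Filter: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# First drive-letter path in the details, ending at a 2-4 character extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*\r\n]*?\.[A-Za-z0-9]{2,4}(?![A-Za-z0-9])")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKS = ("(file missing)", "(no file)")


def path_key(path):
    """Compare files by their last two path components, lowercased, so the
    8.3 form C:\\PROGRA~1\\Jalmp\\jalmp.dll and the long form
    C:\\Program Files\\Jalmp\\jalmp.dll map to the same key (a heuristic)."""
    parts = [p for p in path.lower().split("\\") if p]
    return "\\".join(parts[-2:])


def parse_log(text):
    """Return one dict per log entry; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = " ".join(raw.split())
        match = ENTRY_RE.match(line)
        if not match:
            continue
        found = PATH_RE.search(match.group(2))
        path = found.group(0) if found else None
        entries.append({
            "section": match.group(1),
            "line": line,
            "path": path,
            "key": path_key(path) if path else None,
            "orphan": any(mark in line for mark in ORPHAN_MARKS),
        })
    return entries


def leftovers(fixed_text, new_log_text):
    """Entries in the new log that repeat a fixed entry, or that reference
    the same file as a fixed entry from a different section."""
    fixed = parse_log(fixed_text)
    fixed_lines = {e["line"] for e in fixed}
    fixed_keys = {e["key"]: e for e in fixed if e["key"]}
    hits = []
    for entry in parse_log(new_log_text):
        if entry["line"] in fixed_lines:
            hits.append((entry, "entry still present"))
        elif entry["key"] in fixed_keys:
            origin = fixed_keys[entry["key"]]["section"]
            hits.append((entry, "same file as fixed " + origin + " entry"))
    return hits


# Excerpt of the entries ticked in the first round of fixes.
FIXED = r"""
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll (file missing)
O4 - HKCU\..\Run: [Auaa] "C:\Program Files\arlr\tsnt.exe" -vt yazb
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
"""

# Excerpt of the log posted after the reboot.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
"""

if __name__ == "__main__":
    for entry, reason in leftovers(FIXED, NEW_LOG):
        print(reason + ": " + entry["line"])
    for entry in parse_log(NEW_LOG):
        if entry["orphan"]:
            print("references a missing file: " + entry["line"])
```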
#9
|
|||
|
|||
Last HJT log
Still runnin' great! I really appreciate your help!!!
Logfile of HijackThis v1.99.1
Scan saved at 3:17:27 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RecoverFromReboot.SS] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120273042890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138129059484
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c17.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.msishopper.net/Site/Recei...eUploader3.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3313.cab
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
#10
Everything looks clean, now.
#11
Thanks a million!
Awesome! I appreciate this so much! You are the best! Have a good one!
#12
You're welcome, brendahineman!