[jeffige & Central] pop ups and trojans, oh my!



jeffige
2006-03-30, 00:49
Hi, I ran an online virus scan, Spybot, Ad-Aware SE, ewido, AVG and several others to get rid of whatever it is I have, to no avail.

Please help.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:45:43 PM, on 3/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1010793599\ee\AOLSoftware.exe
C:\Program Files\DropSpam\oesrv.exe
C:\Program Files\dslifestyle\dslifestyle.exe
C:\WINNT\System32\swinqraf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\??crosoft.NET\j?vaw.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\MX240a\MX240a_AOL.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\fxssvc.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Documents and Settings\Gateway1\My Documents\my_downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dropspam.com/sidesearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwZgbp0Dbid87pZRgEBCdkTxuFe6mvaLQChXDiSrSC32i5Dbg+frDkefsW+wG9U/BM8GTDuca/Eg8tfzbZGI+3MugsMpstvvcnaIf0r3nsEHE=
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {DD9639F8-A03C-D1B8-1EF4-F55A124A41CF} - C:\WINNT\System32\crydhrwk.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-4CDC-A94F-0F86F229EA97} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINNT\System32\nsq37.dll
O2 - BHO: Katze - {2A611133-1C57-4DFB-A05C-07EE3BFE6D34} - C:\WINNT\System32\nsa104.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINNT\System32\irsmwiys.dll
O2 - BHO: Yvakt Class - {8EA23D66-E057-4D62-A8C0-86961B453F07} - C:\WINNT\System32\lsoda.dll (file missing)
O2 - BHO: Yvakt Class - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - C:\WINNT\System32\ejrwx8drl.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DD9639F8-A03C-D1B8-1EF4-F55A124A41CF} - C:\WINNT\System32\crydhrwk.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [inkd] C:\WINNT\inkd.exe
O4 - HKLM\..\Run: [behmcdjl] C:\WINNT\System32\behmcdjl.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1010793599\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [oe_drop_spam] C:\Program Files\DropSpam\oesrv.exe
O4 - HKLM\..\Run: [DropSpam Lifestyle] "C:\Program Files\dslifestyle\dslifestyle.exe"
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [BearShare] "C:\My Music\BearShare.exe" /pause
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\System32\swinqraf.exe FI002
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Radio@Netscape] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Neud] "C:\Program Files\nuro\oort.exe" -vt yazb
O4 - HKCU\..\Run: [Kruzqx] C:\WINNT\system32\??crosoft.NET\j?vaw.exe
O4 - Startup: MX240a.lnk = ?
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\swinqraf.exe
O4 - Startup: Z_Start.lnk = C:\WINNT\system32\qodsregk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk572DJUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Looksitup Toolbar - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06df225cb14d6d756d06/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108724207905
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

LonnyRJones
2006-04-01, 15:34
Welcome to the forum, jeffige.

In Windows Control Panel, Add/Remove Programs, uninstall quicklinks.
Restart your PC afterwards. Once back, make and post another log.

Central
2006-04-02, 10:00
Hi Lonny, jeffige is my brother-in-law and I'm helping him with this... Here is the log from his puter.

Thanks.

Leo "Central" Park



Logfile of HijackThis v1.99.1
Scan saved at 5:31:28 PM, on 4/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1010793599\ee\AOLSoftware.exe
C:\Program Files\DropSpam\oesrv.exe
C:\Program Files\dslifestyle\dslifestyle.exe
C:\WINNT\System32\swinqraf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM\aim.exe
C:\WINNT\system32\??crosoft.NET\j?vaw.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\MX240a\MX240a_AOL.exe
C:\Program Files\MX240a\MX240a_ftp_down.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\system32\fxssvc.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dropspam.com/sidesearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwZgbp0Dbid87pZRgEBCdkTxuFe6mvaLQChXDiSrSC32i5Dbg+frDkefsW+wG9U/BM8GTDuca/Eg8tfzbZGI+3MugsMpstvvcnaIf0r3nsEHE=
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {DD9639F8-A03C-D1B8-1EF4-F55A124A41CF} - C:\WINNT\System32\crydhrwk.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-4CDC-A94F-0F86F229EA97} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINNT\System32\nsq37.dll
O2 - BHO: Katze - {2A611133-1C57-4DFB-A05C-07EE3BFE6D34} - C:\WINNT\System32\nsa104.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINNT\System32\irsmwiys.dll
O2 - BHO: Yvakt Class - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - C:\WINNT\System32\ejrwx8drl.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DD9639F8-A03C-D1B8-1EF4-F55A124A41CF} - C:\WINNT\System32\crydhrwk.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [inkd] C:\WINNT\inkd.exe
O4 - HKLM\..\Run: [behmcdjl] C:\WINNT\System32\behmcdjl.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1010793599\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [oe_drop_spam] C:\Program Files\DropSpam\oesrv.exe
O4 - HKLM\..\Run: [DropSpam Lifestyle] "C:\Program Files\dslifestyle\dslifestyle.exe"
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [BearShare] "C:\My Music\BearShare.exe" /pause
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\System32\swinqraf.exe FI002
O4 - HKLM\..\RunOnce: [uououa] cmd /c IF EXIST "C:\Program Files\Jalmp\" ( rmdir /s /q "C:\Program Files\Jalmp\")
O4 - HKLM\..\RunOnce: [nB04Sf] cmd /c IF EXIST "C:\WINNT\System32\gvekjqw.exe" del /s /q "C:\WINNT\System32\gvekjqw.exe"
O4 - HKLM\..\RunOnce: [lPvOYWlf] cmd /c IF EXIST "C:\WINNT\System32\eyy0z2eo.exe" del /s /q "C:\WINNT\System32\eyy0z2eo.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Radio@Netscape] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Neud] "C:\Program Files\nuro\oort.exe" -vt yazb
O4 - HKCU\..\Run: [Kruzqx] C:\WINNT\system32\??crosoft.NET\j?vaw.exe
O4 - Startup: MX240a.lnk = ?
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\swinqraf.exe
O4 - Startup: Z_Start.lnk = C:\WINNT\system32\qodsregk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk572DJUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Looksitup Toolbar - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06df225cb14d6d756d06/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108724207905
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

LonnyRJones
2006-04-02, 14:48
Start HijackThis and place a check next to these items, if there.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dropspam.com/sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=w...cnaIf0r3nsEHE=
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {DD9639F8-A03C-D1B8-1EF4-F55A124A41CF} - C:\WINNT\System32\crydhrwk.dll (file missing)
O2 - BHO: (no name) - {00000000-0000-4CDC-A94F-0F86F229EA97} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll (file missing)
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINNT\System32\nsq37.dll
O2 - BHO: Katze - {2A611133-1C57-4DFB-A05C-07EE3BFE6D34} - C:\WINNT\System32\nsa104.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINNT\System32\irsmwiys.dll
O2 - BHO: Yvakt Class - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - C:\WINNT\System32\ejrwx8drl.dll (file missing)
O2 - BHO: (no name) - {DD9639F8-A03C-D1B8-1EF4-F55A124A41CF} - C:\WINNT\System32\crydhrwk.dll (file missing)
O4 - HKLM\..\Run: [inkd] C:\WINNT\inkd.exe
O4 - HKLM\..\Run: C:\WINNT\System32\behmcdjl.exe
O4 - HKLM\..\Run: [oe_drop_spam] C:\Program Files\DropSpam\oesrv.exe
O4 - HKLM\..\Run: [DropSpam Lifestyle] "C:\Program Files\dslifestyle\dslifestyle.exe"
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.ex
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\System32\swinqraf.exe FI002
O4 - HKCU\..\Run: [Neud] "C:\Program Files\nuro\oort.exe" -vt yazb
O4 - HKCU\..\Run: [Kruzqx] C:\WINNT\system32\??crosoft.NET\j?vaw.exe
O4 - Startup: MX240a.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\swinqraf.exe
O4 - Startup: Z_Start.lnk = C:\WINNT\system32\qodsregk.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk572DJUS
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

What program is this?
C:\Program Files\MX240a
What version of BearShare is it you have?
I suggest it be uninstalled unless it is the paid-for version, along with all other infected P2P software. More info: http://forums.spybot.info/showthread.php?t=282

Post back with another log

Central
2006-04-03, 01:24
Here you go, he doesn't know what the MX240a is. As for the BearShare, he thought he had uninstalled it and deleted it.

Logfile of HijackThis v1.99.1
Scan saved at 4:15:50 PM, on 4/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1010793599\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\fxssvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1010793599\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Radio@Netscape] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Looksitup Toolbar - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06df225cb14d6d756d06/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108724207905
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144018811061
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
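
The comparison this exchange relies on (the entries marked for fixing should be absent from the follow-up log, and their files should no longer be running) can be scripted. The following is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical, and the sample lines are a subset copied from the two logs above.

```python
import re
from typing import NamedTuple

# HijackThis entry lines open with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_RE = re.compile(r"^\s*([RFN]\d|O\d{1,2}) - (.+?)\s*$")
# Drive-letter path ending in a binary extension; such paths may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"=]*?\.(?:exe|dll|ocx)\b', re.IGNORECASE)

# Subset of the fix list posted in the thread (copied from the page).
FIX_LIST = r"""
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINNT\System32\nsq37.dll
O4 - HKLM\..\Run: [inkd] C:\WINNT\inkd.exe
O4 - HKLM\..\Run: [oe_drop_spam] C:\Program Files\DropSpam\oesrv.exe
O4 - HKCU\..\Run: [Kruzqx] C:\WINNT\system32\??crosoft.NET\j?vaw.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\swinqraf.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
"""

# Subset of the follow-up log posted on 2006-04-03 (copied from the page).
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""


class Entry(NamedTuple):
    code: str  # section code, e.g. "O4"
    body: str  # remainder of the line as logged


def norm(text):
    """Case-fold and collapse whitespace. Windows paths and registry names are
    case-insensitive, and the two logs spell System32/system32 differently."""
    return " ".join(text.split()).casefold()


def parse_entries(log):
    """Return the R/F/N/O entries of a log, skipping header and process lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def running_processes(log):
    """Normalized paths listed under the 'Running processes:' header."""
    procs, in_section = set(), False
    for line in log.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith("running processes"):
            in_section = True
        elif in_section and ENTRY_RE.match(line):
            break  # the first R/O entry ends the process list
        elif in_section and stripped:
            procs.add(norm(stripped))
    return procs


def verify_fix(fix_list, followup):
    """Compare a fix list against the follow-up log.

    still_listed  : fix-list entries that reappear in the follow-up log
    still_running : binaries named in the fix list that are still running
    orphaned      : follow-up entries HijackThis marked '(file missing)'
    """
    fixed = parse_entries(fix_list)
    after = parse_entries(followup)
    after_keys = {(e.code, norm(e.body)) for e in after}
    fixed_paths = {norm(p) for e in fixed for p in PATH_RE.findall(e.body)}
    return {
        "still_listed": [e for e in fixed if (e.code, norm(e.body)) in after_keys],
        "still_running": sorted(fixed_paths & running_processes(followup)),
        "orphaned": [e for e in after if "(file missing)" in e.body],
    }


if __name__ == "__main__":
    for name, items in verify_fix(FIX_LIST, FOLLOWUP).items():
        print(name, len(items))
        for item in items:
            print("   ", item)
```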

LonnyRJones
2006-04-03, 04:26
Can you zip up and attach the entire C:\Program Files\MX240a
Folder here please ?
http://www.thespykiller.co.uk/forum/index.php?board=1.0

Update Sun's Java manually.
Sun Java V1.5.0_06 is available: http://java.com/en/index.jsp
Afterwards turn off its auto-updater (it's buggy): in Control Panel, Java >
Update tab, uncheck its option to update automatically.
After you install the newer version it's important to uninstall the old versions via Add/Remove Programs.
http://forums.spybot.info/showthread.php?t=2559

Install SpywareBlaster (By JavaCool): http://www.javacoolsoftware.com/spywareblaster.html

Central
2006-04-03, 05:35
1. folder mx240a you wanted here: http://www.thespykiller.co.uk/forum/index.php?topic=1327.0


2. Manual update- done


3. java update1 remove- done


4. autoupdate uncheck- done


5. spywareblaster installed- done default settings.

LonnyRJones
2006-04-03, 06:15
Looks ok
Motorola MX240a handheld software, connects via AOL Instant Messenger
Elite Communications Inc

Familiar?

Are there any questions or current problems now?

Central
2006-04-03, 07:55
heya Lonny,

Thanks!

Seems like the pop ups stopped, AVG however is still locating a "Trojan horse downloader.generic.TUC"

Every time I have it delete it or quarantine it, it reappears. Done it some 5-6 times already.

LonnyRJones
2006-04-03, 13:54
What file and where exactly?

Post a report from one or better yet both of these free online scans

Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Save the report and post it back here please if there are any that it is unable to deal with.

Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
When finished, click Save as Text and post that in your reply.

Central
2006-04-04, 06:52
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Gateway1\Local Settings\Temp\b2s_iris.exe/data0009 Infected: not-a-virus:AdWare.Win32.EZula.bn skipped

C:\Documents and Settings\Gateway1\Local Settings\Temp\b2s_iris.exe NSIS: infected - 1 skipped

C:\Documents and Settings\valery\Local Settings\Temp\adwsetup_upd.exe Infected: Trojan-Dropper.Win32.Agent.abb skipped

C:\Documents and Settings\valery\Local Settings\Temporary Internet Files\Content.IE5\65OHQD89\adsetup_silent.1.46[1].exe Infected: Trojan-Dropper.Win32.Agent.abb skipped

C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe NSIS: infected - 1 skipped

C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SbShprRprt.exe/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SbShprRprt.exe NSIS: infected - 1 skipped

C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SpamBlockerUtility.exe/data0012/data0004 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SpamBlockerUtility.exe/data0012 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SpamBlockerUtility.exe NSIS: infected - 2 skipped

C:\RECYCLER\S-1-5-21-1606980848-179605362-1801674531-1004\Dc112.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\RECYCLER\S-1-5-21-1606980848-179605362-1801674531-1004\Dc112.exe WiseSFX: infected - 1 skipped

C:\RECYCLER\S-1-5-21-1606980848-179605362-1801674531-1004\Dc112.exe WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP692\A0072151.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP692\A0072151.exe WiseSFX: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP692\A0072151.exe WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP692\A0072165.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bv skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP694\A0072395.EXE/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP694\A0072395.EXE WiseSFX: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP694\A0072395.EXE WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP695\A0072451.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP696\A0072504.EXE Infected: not-a-virus:AdWare.Win32.SaveNow.bt skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP699\A0072746.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP736\A0078137.EXE/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP736\A0078137.EXE WiseSFX: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP736\A0078137.EXE WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP763\A0080243.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0080343.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0080351.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0080352.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0080353.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0080951.exe Infected: Trojan-Downloader.Win32.Qoologic.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP765\A0082550.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP767\A0082591.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP767\A0082592.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP767\A0082675.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP767\A0082676.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP770\A0082883.DLL Infected: not-a-virus:AdWare.Win32.Comet.c skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP770\A0082884.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP770\A0082885.DLL Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP770\A0082887.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ac skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086768.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086794.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086795.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086796.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086797.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086798.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086800.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086801.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086802.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086803.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086804.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086806.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086807.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086808.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086809.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086810.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086812.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086813.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086814.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086815.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086816.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086817.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ai skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP787\A0086823.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP790\A0087012.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP791\A0087080.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087253.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087254.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087255.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped

Central
2006-04-04, 06:52
C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087256.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087257.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087259.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087260.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087261.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087262.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087263.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087264.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087265.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087266.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087267.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087268.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087274.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087275.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087332.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087333.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP792\A0087334.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ai skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP803\A0088961.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP803\A0088962.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP811\A0090257.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.i skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP814\A0090450.dll Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP817\A0091534.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP817\A0091631.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP866\A0095434.dll Infected: not-a-virus:AdWare.Win32.Sahat.w skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP866\A0095673.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095836.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095837.exe Infected: not-a-virus:AdWare.Win32.HotBar.bd skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095838.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095839.dll Infected: not-a-virus:AdWare.Win32.HotBar.bk skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095840.exe Infected: not-a-virus:AdWare.Win32.HotBar.bh skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095841.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095843.dll Infected: not-a-virus:AdWare.Win32.HotBar.av skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095844.exe Infected: not-a-virus:AdWare.Win32.Hotbar.ar skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095845.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095846.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095847.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095849.EXE Infected: not-a-virus:AdWare.Win32.PurityScan.ee skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095850.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe/instbb.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe/instbb.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe/instbb.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe/inviteexact.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.al skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe CAB: infected - 4 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe MimarSinan: infected - 4 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095853.exe UPX: infected - 4 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095854.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095855.exe/invnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095855.exe CAB: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095855.exe MimarSinan: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095855.exe UPX: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095856.exe/invnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095856.exe CAB: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095856.exe MimarSinan: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095856.exe UPX: infected - 1 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095857.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095858.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095859.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095860.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095862.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095863.dll Infected: not-a-virus:AdWare.Win32.SafeSurfing.a skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095864.exe Infected: not-a-virus:AdWare.Win32.SafeSurfing.y skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095865.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095866.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095867.dll Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095868.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095869.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095870.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095871.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.l skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095872.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095873.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095874.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095875.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095876.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095877.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095878.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095879.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.l skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095880.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095881.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095882.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095883.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095884.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.l skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095885.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095886.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095887.dll Infected: not-a-virus:AdWare.Win32.Mirar.e skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095888.dll Infected: not-a-virus:AdWare.Win32.Mirar.b skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095889.exe RarSFX: infected - 6 skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095890.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP871\A0096064.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\WINNT\invnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped

C:\WINNT\nexus.exe/invnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped

C:\WINNT\nexus.exe/nexusexe.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\WINNT\nexus.exe CAB: infected - 2 skipped

C:\WINNT\nexus.exe MimarSinan: infected - 2 skipped

C:\WINNT\nexus.exe UPX: infected - 2 skipped

C:\WINNT\nexusexe.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\WINNT\system32\f3PSSavr.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\WINNT\system32\gu13927q.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped

C:\WINNT\YOINSI.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped

C:\WINNT\YOINSI.exe NSIS: infected - 1 skipped

Scan process completed.

Central
2006-04-04, 07:00
Incident    Status    Location

Potentially unwanted tool:application/funweb Not disinfected C:\WINNT\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf

Potentially unwanted tool:application/mywebsearch Not disinfected C:\WINNT\SYSTEM32\f3PSSavr.scr

Adware:adware/pacimedia Not disinfected C:\Documents and Settings\Gateway1\Desktop\Click to Find and Fix Errors.url

Adware:adware/dropspam Not disinfected C:\PROGRAM FILES\DropSpam

Adware:adware/wupd Not disinfected C:\PROGRAM FILES\MediaGateway

Potentially unwanted tool:application/zango Not disinfected C:\PROGRAM FILES\Zango Programs

Adware:adware/zenosearch Not disinfected Windows Registry

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@ad.yieldmanager[2].txt

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@adultfriendfinder[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@azjmp[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@com[1].txt

Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@errorguard[2].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@errorsafe[2].txt

Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@mmm.media-motor[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@realmedia[2].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@research-int[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@searchportal.information[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@statcounter[1].txt

Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@stats1.reliablestats[1].txt

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@target[2].txt

Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@winfixer[2].txt

Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@www.advnt01[1].txt

Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@www.errorsafe[2].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@ad.yieldmanager[2].txt

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@adopt.hbmediapro[2].txt

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@adultfriendfinder[2].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@atwola[1].txt

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@azjmp[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@com[1].txt
Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@errorguard[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@errorsafe[2].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@mmm.media-motor[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@realmedia[2].txt
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@research-int[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@searchportal.information[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@stats1.reliablestats[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@target[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@winfixer[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@www.advnt01[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Gateway1\Cookies\gateway1@www.errorsafe[2].txt
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Gateway1\Local Settings\Temp\temp.fr7A6C\ACM.dll
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\valery\Cookies\valery@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\valery\Cookies\valery@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\valery\Cookies\valery@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\valery\Cookies\valery@atwola[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\valery\Cookies\valery@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\valery\Cookies\valery@belnk[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\valery\Cookies\valery@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\valery\Cookies\valery@dist.belnk[2].txt
Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\valery\Cookies\valery@errorguard[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\valery\Cookies\valery@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\valery\Cookies\valery@i.screensavers[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\valery\Cookies\valery@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\valery\Cookies\valery@searchportal.information[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\valery\Cookies\valery@tucows[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\valery\Cookies\valery@uol.com[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\valery\Cookies\valery@winfixer[2].txt
Adware:Adware/DropSpam Not disinfected C:\Program Files\dslifestyle\dslifestyle.exe
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINNT\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Adware:Adware/Qoologic Not disinfected C:\WINNT\nexusexe.exe

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINNT\system32\f3PSSavr.scr

LonnyRJones
2006-04-04, 07:46
Manually delete these files/folders:
C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe
C:\WINNT\SYSTEM32\f3PSSavr.scr
C:\Documents and Settings\Gateway1\Desktop\Click to Find and Fix Errors.url
C:\PROGRAM FILES\DropSpam
C:\PROGRAM FILES\MediaGateway
C:\PROGRAM FILES\Zango Programs
C:\Program Files\dslifestyle
C:\WINNT\nexusexe.exe
C:\Program Files\SpamBlockerUtility
C:\WINNT\System32\swinqraf.exe
C:\Program Files\nuro
C:\Program Files\Jalmp
C:\WINNT\inkd.exe
C:\WINNT\System32\behmcdjl.exe
C:\Program Files\ProSiteFinder

Clear temps with a program such as System Security Suite.
http://www.igorshpak.net/
Extract it from the zip file and run setup.exe.
After the install you can delete setup.exe and the downloaded zip file.
Start the program. Check all the boxes under the 'Items to Clear' tab (except perhaps cookies) and click
'Clear Selected Items'. You will be prompted to reboot; do so.

Purge System Restore
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Then reboot. < Don't skip that step.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
=======================================
Let us know of any problems
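An added example, not part of the original posts: a small Python triage of the online-scan log format shown earlier in the thread. It separates detections that only exist as System Restore copies (cleared by the purge step above) from detections in live files (the manual-deletion list), and checks the container summary lines against the nested detections. The function names are hypothetical, and the count check assumes what this log shows, namely that a container's "infected - N" equals the number of nested detection lines.

```python
import re
from collections import defaultdict

# Lines copied from the online-scan log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095855.exe/invnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped
C:\System Volume Information\_restore{A3DAEE03-35CE-4260-BD4C-64466AAA5DE4}\RP868\A0095855.exe CAB: infected - 1 skipped
C:\WINNT\invnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped
C:\WINNT\nexus.exe/invnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped
C:\WINNT\nexus.exe/nexusexe.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\WINNT\nexus.exe CAB: infected - 2 skipped
C:\WINNT\nexusexe.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\WINNT\YOINSI.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\WINNT\YOINSI.exe NSIS: infected - 1 skipped
Scan process completed.
"""

# "<path> Infected: <verdict> <action>"
DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
# "<path> <unpacker>: infected - <count> <action>" (summary line for a container)
CONTAINER = re.compile(
    r"^(?P<path>.+?) (?P<packer>\w+): infected - (?P<count>\d+) (?P<action>\w+)$"
)
RESTORE_MARKER = r"\system volume information\_restore{"


def parse(log_text):
    """Yield (outer_file, nested_member, verdict) for every detection line."""
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # summary lines, blanks, "Scan process completed."
        # Windows paths use "\"; the scanner appends archive members with "/".
        outer, _, member = m["path"].partition("/")
        yield outer, member, m["verdict"]


def triage(log_text):
    """Group verdicts per file on disk, split into restore copies and live files."""
    restore, live = defaultdict(set), defaultdict(set)
    for outer, _member, verdict in parse(log_text):
        bucket = restore if RESTORE_MARKER in outer.lower() else live
        bucket[outer].add(verdict)
    return dict(restore), dict(live)


def only_not_a_virus(verdicts):
    """True when every verdict carries the scanner's 'not-a-virus:' prefix."""
    return all(v.startswith("not-a-virus:") for v in verdicts)


def container_mismatches(log_text):
    """Containers whose reported count differs from the nested lines present.

    A mismatch usually means the pasted log was cut off part-way through.
    """
    nested = defaultdict(int)
    for outer, member, _verdict in parse(log_text):
        if member:
            nested[outer] += 1
    bad = set()
    for line in log_text.splitlines():
        m = CONTAINER.match(line.strip())
        if m and nested[m["path"]] != int(m["count"]):
            bad.add(m["path"])
    return sorted(bad)


if __name__ == "__main__":
    restore, live = triage(SAMPLE_LOG)
    print(f"{len(restore)} file(s) only inside System Restore (gone after the purge)")
    # List files with a non-adware verdict first.
    for path in sorted(live, key=lambda p: (only_not_a_virus(live[p]), p.lower())):
        tag = "adware" if only_not_a_virus(live[path]) else "TROJAN"
        print(f"[{tag}] {path}: {', '.join(sorted(live[path]))}")
    print("truncated containers:", container_mismatches(SAMPLE_LOG) or "none")
```
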

Central
2006-04-07, 12:37
Will have the results for you soon lonny, still trying to make it over to his house.

Central
2006-04-09, 23:16
This is after the last step above and then the last ewido scan. Does this make it all clean, or are any other steps needed?

thanks lonny




---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:17:10 AM, 4/9/2006
+ Report-Checksum: 162E309C

+ Scan result:

C:\Documents and Settings\Gateway1\Cookies\gateway1@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINNT\nexus.exe -> Trojan.Imiserv.c : Cleaned with backup


::Report End

Central
2006-04-09, 23:19
Sorry, no edit option, but finishing off from up top: the nexus file, I somehow couldn't find it to delete it.

Central
2006-04-09, 23:33
edit top post:

OK, I was looking up "nexusexe.exe". I did a search under "nexus" now and found 4; should I delete all? 3 in c:\\winnt\nexus...

One in a user profile.

LonnyRJones
2006-04-09, 23:34
Ewido removed it

Post one more HijackThis log, then you should be good to go.

LonnyRJones
2006-04-09, 23:45
Post the exact location and name of suspicious files.

I think you'll find the nexus in WINNT\system32 is a legitimate file.

Central
2006-04-11, 18:43
Sorry for taking so long, will have it sometime today. Just posting so it doesn't go to archive ;)

Central
2006-04-13, 08:07
Logfile of HijackThis v1.99.1
Scan saved at 11:03:48 PM, on 4/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1010793599\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\system32\fxssvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1010793599\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Radio@Netscape] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Looksitup Toolbar - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06df225cb14d6d756d06/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108724207905
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144018811061
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

LonnyRJones
2006-04-13, 10:37
In Windows Add/Remove Programs, uninstall:
any webhancer programs
any MyWebSearch programs
(optional) any Viewpoint programs

For security reasons, update Sun's Java manually.
Sun Java V1.5.0_06 is available: http://java.com/en/index.jsp
Afterwards, turn off its auto-updater (it's buggy): in Control Panel > Java >
Update tab, uncheck its option to update automatically.
After you install the newer version, it's important to uninstall the old versions via Add/Remove Programs.
http://forums.spybot.info/showthread.php?t=2559

Restart the PC and post back with another log, be sure to mention any current problems.
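An added example, not part of the original posts: one way to confirm that an uninstall took effect is to diff the HijackThis entries of the log taken before it against the follow-up log, and to flag any remaining entry that names the programs listed above. The function names and the WATCH list are hypothetical; the sample lines are copied from the R, O2 and O3 sections of the two logs in this thread.

```python
import re
from collections import Counter

# Subset of the 4/12/2006 log (before the uninstall), copied from the thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
"""

# The matching lines of the 4/14/2006 follow-up log, copied from the thread.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
"""

# Entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Hypothetical watch list built from the programs named in the reply above.
# Run-key entries in these logs use 8.3 short paths (C:\PROGRA~1\MYWEBS~1\...),
# so the short form is listed as well as the long name.
WATCH = ("webhancer", "mywebsearch", "mywebs~1", "viewpoint")


def entries(log_text):
    """Count (section, body) entries; a Counter keeps repeated lines distinct."""
    found = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found[(m["code"], m["body"])] += 1
    return found


def flagged(log_text):
    """Entries in one log whose text mentions a watched program."""
    return sorted(
        e for e in entries(log_text) if any(w in e[1].lower() for w in WATCH)
    )


def compare(before, after):
    """Return (removed, added, leftover) between two HijackThis logs."""
    b, a = entries(before), entries(after)
    removed = sorted((b - a).elements())
    added = sorted((a - b).elements())
    return removed, added, flagged(after)


if __name__ == "__main__":
    removed, added, leftover = compare(BEFORE, AFTER)
    for code, body in removed:
        print(f"- {code} {body}")
    for code, body in added:
        print(f"+ {code} {body}")
    print("still present from watch list:", leftover or "none")
```
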

Central
2006-04-15, 05:39
Hey lonny,

I could not find any Webhancer in add/remove.. there was is ..... web nexus network


Logfile of HijackThis v1.99.1
Scan saved at 8:35:12 PM, on 4/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1010793599\ee\AOLSoftware.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\WordWeb\wweb32.exe
c:\program files\common files\aol\1010793599\ee\aim6.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\fxssvc.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1010793599\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Radio@Netscape] C:\Program Files\Radio@Netscape\Radio@Netscape.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Looksitup Toolbar - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06df225cb14d6d756d06/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108724207905
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144018811061
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

LonnyRJones
2006-04-15, 05:51
Looks OK except for the lack of Windows and Internet Explorer updates.
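
An added example, not part of any post in this thread: a small parser for the HijackThis log format shown above that pulls out the header patch level and any entries marked "(file missing)". The sample lines are copied from the log above; the function names are hypothetical, and the check assumes HijackThis prints an "SPn" token in the Platform and MSIE header lines when a service pack is installed.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:35:12 PM, on 4/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # section code, then the entry body
HEADER_RE = re.compile(r"^(Platform|MSIE): (.*)$")
SP_RE = re.compile(r"\bSP\d\b")                      # assumption: "SP2" etc. appears when installed

def parse_hjt(text):
    """Split a HijackThis log into header fields, running processes and coded entries."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for line in (l.strip() for l in text.splitlines()):
        if m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif line == "Running processes:":
            in_processes = True
        elif m := ENTRY_RE.match(line):
            in_processes = False              # first coded entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif in_processes and line:
            processes.append(line)
    return header, processes, dict(entries)

def triage(text):
    """Report header fields without a service-pack token and orphaned entries."""
    header, processes, entries = parse_hjt(text)
    no_sp = [k for k, v in header.items() if not SP_RE.search(v)]
    orphans = [(code, e) for code, items in entries.items()
               for e in items if "(file missing)" in e]
    return {"no_service_pack": no_sp, "orphans": orphans,
            "process_count": len(processes)}
```

Entries marked "(file missing)" point at a registry reference whose target file is gone; they are leftovers rather than running code.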

Central
2006-04-15, 06:15
ok great, going to update that now.

thanks lonny!

tashi
2006-04-19, 19:21
As the problem appears to be resolved this topic will be archived. :)

If you need it re-opened, please send me a PM and provide a link to the thread.

Thanks Lonny.