View Full Version : Constant popups, PC slowed down, nothing works!



Violent Ryo
2006-08-14, 03:05
Hi guys, here's my problem:

Doesn't matter what I am doing, I keep getting pop-ups even when not using Internet Explorer, and they are the same ones that keep circulating (mainly adultfriendfinder, some casino crap, and ads for anti-spyware removal etc).

My PC has also slowed down.

I have tried numerous programs to fix this problem like Spybot, StompZilla, Lavasoft Adaware, McAfee AntiVirus, and a few others but to no avail.

Still getting the same pop ups and a slowed down PC.

Please help!

pskelley
2006-08-14, 03:57
Hello and welcome to the forum. Please be advised that most forums Pin the information you need at the top of the page. These two links are a must before you can proceed, but I suggest you review all Pinned (Sticky) information.

http://forums.spybot.info/showthread.php?t=425
http://forums.spybot.info/showthread.php?t=288

Thanks...pskelley
Safer Networking Forums

Violent Ryo
2006-08-14, 06:10
This is my current HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 12:09:18 AM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IntCodec\pmsngr.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\IntCodec\pmmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\VM303_STI.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: BrowserHelper Class - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\StopzillaBHO.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autorun
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.70.10.0_MEGAPANEL_USA.cab
O16 - DPF: {95EEE69E-27B4-4D13-BD32-766617A16909} (NDTVVideo.MPlayer) - http://www.ndtv.com/video/NDTVseekvideo.CAB
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {F2392E4A-FD11-4FA3-8B89-E7CCD0560074} (PDAXInstaller Class) - http://freepcsecure.imu.kiev.ua/members/PDActiveXInstaller.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: devasf - devasf.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

pskelley
2006-08-14, 14:33
Thanks for returning the information, follow the directions in this link:

http://forums.spybot.info/showthread.php?t=4015

When you finish the instructions, post the three logs in this same topic using the "Post Reply" button.

Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

Thanks...pskelley
Safer Networking Forums

If you would like to let your thoughts be known about the lowlifes who put that junk on your computer, you can do that here:
If you have been infected by one of the SpyAxe family
http://forums.tomcoyote.org/index.php?showtopic=58063
http://www.malwarecomplaints.info/

Violent Ryo
2006-08-15, 07:23
Thanks pskelley for the instructions, here is the rapport report:


SmitFraudFix v2.81

Scan done at 22:06:57.18, Mon 08/14/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

HKLM\SOFTWARE\WinHound.com Deleted

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Violent Ryo
2006-08-15, 07:25
I have to separate the log into two parts because the post was too long.

Ewido log 1 of 2:


ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:00:34 AM 8/15/2006

+ Scan result:



C:\Documents and Settings\Owner\Desktop\Kamran's Folder\DC\STOPzilla! 4.0 Incl Keygen And Server Auth Patch\STOPzilla! 4.0 Incl Keygen And Server Auth Patch.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-3797100528-2794478763-2219376567-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-3797100528-2794478763-2219376567-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-3797100528-2794478763-2219376567-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5753791B-F607-48CA-814E-91C14D081F9E} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\Kamran's Folder\ATOMIX\AUTOMIX patch\patch.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\Kamran's Folder\DC\Eset.NOD32.Antivirus.Administrator.Edition.v2.50.16. + CRACK.rar/KEY Gen.exe -> Dropper.Agent.ann : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N73M0604NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : Ignored.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N73M0604NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : Ignored.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D09M0706NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.

Violent Ryo
2006-08-15, 07:26
Ewido log 2 of 2:




:mozilla.512:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.513:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.514:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.236:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.241:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.394:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.497:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.526:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.528:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.529:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.530:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.531:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.532:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.534:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tu2wed0d.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).


::Report end

Violent Ryo
2006-08-15, 07:26
HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:20:27 AM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.70.10.0_MEGAPANEL_USA.cab
O16 - DPF: {95EEE69E-27B4-4D13-BD32-766617A16909} (NDTVVideo.MPlayer) - http://www.ndtv.com/video/NDTVseekvideo.CAB
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {F2392E4A-FD11-4FA3-8B89-E7CCD0560074} (PDAXInstaller Class) - http://freepcsecure.imu.kiev.ua/members/PDActiveXInstaller.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: devasf - devasf.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

pskelley
2006-08-15, 14:27
Thanks for returning the information, seems you have "Ignored" this junk:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored.
Do you know what you are doing? My advice would be to run ewido again, in safe mode, and remove everything it locates.

You are storing junk cookies in Firefox, here is information to help you stop that if you wish:
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

Did you purchase SpySweeper? If not I would uninstall it, I can't see any benefits once the trial is over.

Do you know this: http://www.castlecops.com/clsid-927.html about this program: FlashGet
I just don't trust any program that puts adware on my computer for any reason.

This one is optional, I will schedule it and you can decide: O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
See this: http://www.castlecops.com/startuplist-180.html

Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R3 - Default URLSearchHook is missing
(clutter)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O20 - Winlogon Notify: devasf - devasf.dll (file missing)
(clutter)

Close all programs but HJT and all browser windows, then click on "Fix Checked".

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Respond to my questions and post a last HJT log, tell me how the computer is running and we will get you on your way.

Thanks...Phil

tashi
2006-08-20, 09:31
Violent Ryo?

tashi
2006-08-22, 22:22
This topic is closed due to lack of a response to helper.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.