Followed Sticky Removal of Malware (Checking if Clean)

R

rbaron25

New member
Hi,
Followed the Sticky to remove malware. Had the syssecuritysite active and prob some others. First is Ewido scan
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:55:36 PM, 13/07/2006
+ Report-Checksum: B8234659

+ Scan result:

:mozilla.10:C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\hlczh4m8.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned without backup
:mozilla.12:C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\hlczh4m8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup
:mozilla.14:C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\hlczh4m8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup


::Report End

Posting SpyBot and Hijack this log below
Cheers
Rbaron25
 
SpyBot Log Report

I think I did something wrong with the log for Spybot everyones seems shorter?
--- Search result list ---
Congratulations!: No immediate threats were found. ()

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-04-25 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-04-21 Includes\Cookies.sbi (*)
2006-04-21 Includes\Dialer.sbi (*)
2006-04-21 Includes\Hijackers.sbi (*)
2006-04-21 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-04-21 Includes\Malware.sbi (*)
2006-04-21 Includes\PUPS.sbi (*)
2006-04-21 Includes\Revision.sbi (*)
2006-04-21 Includes\Security.sbi (*)
2006-04-21 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-04-21 Includes\Trojans.sbi (*)


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Security Update for Windows XP (KB918439)


--- Startup entries list ---
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: e7be65bf79906aebc698e077d53f6a1c

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 66680

Located: HK_LM:Run, CTDVDDet
command: C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
file: C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
size: 40960

Located: HK_LM:Run, CTHelper
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 24576


Located: HK_LM:Run, CTSysVol
command: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
file: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
size: 53248


Located: HK_LM:Run, EPSON Stylus C65 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
size: 99840

Located: HK_LM:Run, HTpatch
command: C:\WINDOWS\htpatch.exe
file: C:\WINDOWS\htpatch.exe
size: 28672

Located: HK_LM:Run, InCD
command: C:\Program Files\Ahead\InCD\InCD.exe
file: C:\Program Files\Ahead\InCD\InCD.exe
size: 1349120

Located: HK_LM:Run, IntelliType
command: "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
file: C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648

Located: HK_LM:Run, POINTER
command: point32.exe
file:

Located: HK_LM:Run, SiSUSBRG
command: C:\WINDOWS\SiSUSBrg.exe
file: C:\WINDOWS\SiSUSBrg.exe
size: 106496

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
size: 36975

Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\\vptray.exe
file: C:\PROGRA~1\SYMANT~1\\vptray.exe
size: 124232

Located: HK_LM:Run, Zone Labs Client
command: "D:\Utilities\ZoneAlarm\zlclient.exe"
file: D:\Utilities\ZoneAlarm\zlclient.exe
size: 968696

Located: HK_LM:Run, CTStartup (DISABLED)
command: "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
file: C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE
size: 49152

Located: HK_CU:Run, SpybotSD TeaTimer
command: D:\Utilities\Spybot - Search & Destroy\TeaTimer.exe
file: D:\Utilities\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38

Located: HK_CU:Run, Spyware Doctor
command: "D:\Utilities\Spyware Doctor\swdoctor.exe" /Q
file: D:\Utilities\Spyware Doctor\swdoctor.exe
size: 1947872
MD5: 574df549b6060bfe8847d69cb726ffbb

Located: HK_CU:Run, Steam
command:
file:

Located: Startup (common), APC UPS Status.lnk
command: C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
file: C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
size: 209005
MD5: a160e59544cc71e981cf512a4958f0c6

Located: Startup (common), gwum.lnk
command: C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
file: C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
size: 475136
MD5: feb7eed22ae598f161caa9c84b1ecee6

Located: Startup (common), Microsoft Office.lnk
command: D:\Microsoft Office\Office10\OSA.EXE
file: D:\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 83272
MD5: 123bd287cff65cef573c731f97e8dda3

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: d:\Utilities\Adobe\Reader\ActiveX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 27/01/2005 9:22:48 PM
Date (last access): 13/07/2006 7:58:14 PM
Date (last write): 2/03/2001 12:02:04 PM
Filesize: 37808
Attributes:
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 1.0.0.1

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: D:\UTILIT~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 25/04/2006 12:48:40 PM
Date (last access): 13/07/2006 7:58:14 PM
Date (last write): 31/05/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
BHO name:
CLSID name: PCTools Site Guard
Path: D:\UTILIT~1\SPYWAR~1\tools\
Long name: iesdsg.dll
Short name:
Date (created): 9/07/2006 11:57:26 AM
Date (last access): 13/07/2006 7:58:14 PM
Date (last write): 24/11/2005 6:02:54 PM
Filesize: 624864
Attributes: archive
MD5: 536A8687A8D54FB19D74BB6463296562
CRC32: 24F2B04F
Version: 3.0.0.62

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 22/04/2006 4:27:04 PM
Date (last access): 13/07/2006 7:58:16 PM
Date (last write): 14/02/2006 8:05:30 PM
Filesize: 1191424
Attributes: readonly archive
MD5: 677C42CD9FE9C13B4B7B601A2E4065B0
CRC32: 58231F90
Version: 3.0.131.0

{B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
BHO name:
CLSID name: PCTools Browser Monitor
Path: D:\UTILIT~1\SPYWAR~1\tools\
Long name: iesdpb.dll
Short name:
Date (created): 9/07/2006 11:57:26 AM
Date (last access): 13/07/2006 7:58:16 PM
Date (last write): 26/10/2005 2:23:22 PM
Filesize: 682184
Attributes: archive
MD5: 2C72618FF574F153A335F2A4C5EB4DA4
CRC32: 937DBB6D
Version: 3.0.0.270

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
BHO name:
CLSID name: EpsonToolBandKicker Class
Path: D:\Utilities\Printer\Web2Page\EPSON Web-To-Page\
Long name: EPSON Web-To-Page.dll
Short name: EPSONW~1.DLL
Date (created): 1/04/2006 9:29:32 PM
Date (last access): 13/07/2006 7:58:16 PM
Date (last write): 10/02/2004 2:08:58 PM
Filesize: 339968
Attributes: archive
MD5: 230F34EB9C919978C23E6939120DB35C
CRC32: D4C5D89F
Version: 1.0.0.0



--- ActiveX list ---
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 17/05/2006 2:32:30 PM
Date (last access): 13/07/2006 7:57:16 PM
Date (last write): 17/05/2006 2:32:30 PM
Filesize: 231072
Attributes: archive
MD5: A5E06A91CF82D97985C90B12FEE33A01
CRC32: 5AC66733
Version: 2006.2.22.58

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 17/05/2006 2:32:42 PM
Date (last access): 13/07/2006 7:57:18 PM
Date (last write): 17/05/2006 2:32:42 PM
Filesize: 161480
Attributes: archive
MD5: D9021B7C1D765851774FD9A753AEC435
CRC32: 6D65423F
Version: 2006.2.15.43

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8b.ocx
Short name:
Date (created): 31/03/2006 11:45:12 AM
Date (last access): 13/07/2006 6:29:58 PM
Date (last write): 31/03/2006 11:45:12 AM
Filesize: 1443464
Attributes: readonly archive
MD5: 12719EDDAAB9CAEEF28C6E58192F594B
CRC32: 680E085C
Version: 8.0.24.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 164 ( 4) \SystemRoot\System32\smss.exe
PID: 216 ( 164) \??\C:\WINDOWS\system32\csrss.exe
PID: 240 ( 164) \??\C:\WINDOWS\system32\winlogon.exe
PID: 284 ( 240) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 296 ( 240) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 432 ( 284) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 480 ( 284) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 524 ( 284) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 816 ( 792) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 944 ( 816) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 388B8FBC36A8558587AFC90FB23A3B99
PID: 780 (1044) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 388B8FBC36A8558587AFC90FB23A3B99
PID: 408 ( 816) D:\Utilities\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 13/07/2006 8:06:18 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm




Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
 
HiJack this final log after rebooting out of Safe Mode

Logfile of HijackThis v1.99.1
Scan saved at 8:21:43 PM, on 13/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Utilities\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Utilities\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Utilities\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\Utilities\Spybot - Search & Destroy\TeaTimer.exe
D:\Utilities\Spyware Doctor\swdoctor.exe
D:\UTILIT~1\INTERN~1\mum.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Utilities\Firefox\firefox.exe
D:\Utilities\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Utilities\Adobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\UTILIT~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\UTILIT~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Utilities\Printer\Web2Page\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Utilities\Printer\Web2Page\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Utilities\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Utilities\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Utilities\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [InternodeUsage] D:\UTILIT~1\INTERN~1\mum.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\UTILIT~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - D:\Utilities\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Utilities\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - D:\Utilities\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks in advance of any help and advice
Cheers
Rbaron
 
Hi rbaron25

It appears as though you have not updated SpyBot, please do so, updates are usualy out every friday.

What version of ewido do you have ? they came out with version 4 recently.

What are the problems you are seeing ? any search hijackthis or homepage changes ? uncommon popups ?
 
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a pm and provide a link to the thread.

Applies only to the original topic starter.
 
You must log in or register to reply here.
Back
Top