Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant Freezing. Please Help me?


  • Please log in to reply
6 replies to this topic

#1 Fred newby

Fred newby

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 31 August 2005 - 05:07 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:05:58 PM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [*avjpeg] C:\WINDOWS\security\Database\avjpeg.exe
O4 - HKLM\..\Run: [*java] C:\WINDOWS\msagent\java.exe
O4 - HKLM\..\Run: [*sw] C:\WINDOWS\Cursors\sw.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [avjpeg] C:\WINDOWS\security\Database\avjpeg.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9EFCD61-677C-41CC-B351-18345780CBB5}: NameServer = 4.2.2.1,4.2.2.2
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 05 September 2005 - 08:21 AM

If you are still requiring help with your HijackThis log,please post a fresh one since so much time has passed!

#3 Fred newby

Fred newby
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 05 September 2005 - 06:11 PM

Thanks for the reply. I am still in need of help. This is the latest log. Thanks in advance for the help.

Logfile of HijackThis v1.99.1
Scan saved at 6:58:22 PM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [*avjpeg] C:\WINDOWS\security\Database\avjpeg.exe
O4 - HKLM\..\Run: [*java] C:\WINDOWS\msagent\java.exe
O4 - HKLM\..\Run: [*sw] C:\WINDOWS\Cursors\sw.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [avjpeg] C:\WINDOWS\security\Database\avjpeg.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9EFCD61-677C-41CC-B351-18345780CBB5}: NameServer = 4.2.2.1,4.2.2.2
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 06 September 2005 - 05:33 AM

Go to Add\Remove Programs and Remove

Error Nucker
NewDotNet
New.Net



Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.



Download and Install
CleanUp!
Dont use it yet!


Download Pocket KillBox from here:
http://www.atribune.org/downloads/KillBox.exe


Highlight the list below and press Ctrl+C to Copy!

C:\WINDOWS\security\Database\avjpeg.exe
C:\WINDOWS\msagent\java.exe
C:\WINDOWS\Cursors\sw.exe
C:\Program Files\Error Nuker


Open Pocket Killbox-> Click File-> Click Paste from Clipboard!

Place a tick by Delete on Reboot-> Click the Red Circle to Delete!

Click Yes to the Prompts that follow and let Killbox Reboot the PC!


Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O4 - HKLM\..\Run: [*avjpeg] C:\WINDOWS\security\Database\avjpeg.exe

O4 - HKLM\..\Run: [*java] C:\WINDOWS\msagent\java.exe

O4 - HKLM\..\Run: [*sw] C:\WINDOWS\Cursors\sw.exe

O4 - HKLM\..\Run: [avjpeg] C:\WINDOWS\security\Database\avjpeg.exe

O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!


Now Scan the entire System with Ewido-> Clean all it finds-> Be sure to click the tab to Save a Report!


From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from WinPFind-> Ewido and Panda!

#5 Fred newby

Fred newby
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 06 September 2005 - 07:44 PM

Please bare with me. I am not quite sure of what I am doing. Thanks for your patience with this. It fought me until the very end freezing up constantly. I could not run Panda for some reason I kept getting error messages. This is what I got.

Logfile of HijackThis v1.99.1
Scan saved at 8:32:47 PM, on 9/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\ewido\security suite\ewidoctrl.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9EFCD61-677C-41CC-B351-18345780CBB5}: NameServer = 4.2.2.1,4.2.2.2
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:15:53 PM, 9/6/2005
+ Report-Checksum: BCCE8BF

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{8940E505-72C6-44DE-BE85-1D746780EFBF} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6E0ED53C-9908-49ED-B055-7CB31B162577} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{830D3AED-2FA9-454F-B266-D931862BBF34} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C53BD8E-B12D-4C8F-AD0E-C9DDC39D1273} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9BCDD51B-4A7B-446C-8452-D32D38004582} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A986F4DB-792E-4571-8974-0BB6E024766F} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BCCAB53D-0895-40C3-A942-A03538CE227A} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C0F88E9E-DCEB-4655-968A-AE508A677C39} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D7EAC2D8-2D52-4010-A4AD-DFDF60C1706C} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\SWRT01.RT -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5E594162-60A9-487D-84B8-DBDD716CB862} -> Spyware.VirtualBouncer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Dawn.HOME-XJGJW3OA9L\Application Data\Mozilla\Firefox\Profiles\0587nw4g.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Sandy\Application Data\Mozilla\Firefox\Profiles\7488c18q.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Common Files\slscspqn\ssdrntdpdu\afabqfnbn.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\slscspqn\utrrlell\nqaqqeps.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\54DA8A9E-82DC-4B80-A79D-3A168D\5B2FD0D3-E15C-4919-A007-26F28A -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\bH.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup


::Report End

#6 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 07 September 2005 - 05:37 AM

How bout the WinPFind log??

Lets see if this wont get Panda to Run!

Download the Hoster from here:
http://www.funkytoad.com/download/hoster.zip

Unzip and Extract all Files

Press "Restore Original Hosts" and press "OK"!
Exit Program!


Open Internet Explorer and Click Tools-> If "Reset Web Settings" is lit up-> Click it and allow it to restore IE Default Settings and Reset your Hompage!


Try the Panda Scan again!

#7 Fred newby

Fred newby
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 08 September 2005 - 04:49 AM

I tried to follow the last set of instructions with no positive results. At this point I can not get it to boot. When I turn lit on it posts and windows starts and then cycles through the start-up again. I suspect that the problem all along has been the hard drive and it has finally failed completely. I appreciate your help and time and would further value your opinion on this.

Thanks again,
Fred




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users