
Help With Hijack This


  • This topic is locked
6 replies to this topic

#1 spidergirl2838


Posted 03 June 2006 - 12:03 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:43:46 PM, on 6/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Q2hyaXM\command.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\wfjgslq.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\defender25.exe
C:\WINDOWS\wfjgslqA.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Toscdspd\TOSCDSPD.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winsim\sa_PrlJour.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Chris\My Documents\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [wfjgslqA] C:\WINDOWS\wfjgslqA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [toscdspd] C:\Program Files\Toshiba\Toscdspd\TOSCDSPD.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000228.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124304888140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\qvartz.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wfjgslq.exe



#2 Jag11


Posted 03 June 2006 - 05:16 AM

You may want to print out these instructions or save them as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. Please make sure that you follow this in the right order as I have listed.

=====================================

Download ATF Cleaner
  • Save it to your Desktop.
  • Do not run it yet. We will use this later.
Download Ewido Anti-Malware
  • Install Ewido.
  • When installing, under Additional Options, uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch Ewido.
  • The program will now open the main screen.
  • You will need to update Ewido to the latest definition files:
    • On the left-hand side of the main screen, click update.
    • Then click on the Start Update button.
  • The update will start and a progress bar will show the updates being installed.
  • After it has finished, close Ewido; we will use it later.
  • If you are having problems with the updater, you can use this link to manually update Ewido: Ewido manual updates.
=====================================

Download Brute Force Uninstaller to your desktop.
  • Right click the file on your Desktop, and choose Extract All.
  • Click Next.
  • In the box to choose where to extract the files to:
  • Click Browse.
  • Click on the + sign next to My Computer
  • Click on Local Disk (C:) or whatever your primary drive is.
  • Click Make New Folder
  • Type in BFU
  • Click Next, and uncheck the Show Extracted Files box and then click Finish.
Download alcanshorty.bfu (right-click on that link and select Save As)
  • Save it in the same folder you made earlier - C:\BFU (Important!)
=====================================

Reboot into Safe Mode
  • Restart your computer.
  • Before the Windows logo appears, tap F8 repeatedly.
  • A menu should appear; select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
  • This will take a while longer than usual, so just wait.
=====================================

Run ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

=====================================

Run Ewido
  • Please close all Windows, Programs or Browsers.
  • Open Ewido.
  • Click on scanner at the left side, then click on Complete System Scan.
    • Please don't use the computer while scanning
    • If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose Clean and click Ok.
  • Once the scan has completed, click the button located on the bottom of the screen named Save report.
  • Save the report to your Desktop.
  • Close Ewido.
=====================================

Run Brute Force Uninstaller

Go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Beside the white box field, click the folder icon, then select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
=====================================

Restart your computer

=====================================

In your next reply, please include these log(s):
  • HijackThis log (new)
  • Ewido

Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.


#3 spidergirl2838


Posted 05 June 2006 - 05:03 PM

I just wanted to thank you for taking the time to help me with cleaning up my computer!!



Logfile of HijackThis v1.99.1
Scan saved at 3:57:26 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Toshiba\Toscdspd\TOSCDSPD.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\My Documents\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [toscdspd] C:\Program Files\Toshiba\Toscdspd\TOSCDSPD.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124304888140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:29:57 PM, 6/5/2006
+ Report-Checksum: D454E212

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.amo -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.amo\CLSID -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.amo\CurVer -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.amo.1 -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.iiittt -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.iiittt\CLSID -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.iiittt\CurVer -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.iiittt.1 -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.momo -> Adware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.momo\CLSID -> Adware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.momo\CurVer -> Adware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.momo.1 -> Adware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.ohb -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.ohb\CLSID -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.ohb\CurVer -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\dsktrf.ohb.1 -> Adware.DesktopTraffic : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT -> Adware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Security -> Adware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Enum -> Adware.NaviSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} -> Adware.iLookup : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} -> Adware.iLookup : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\_hsrb -> Adware.HotBar : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\_hsrb\kkws -> Adware.HotBar : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\_hsrb\ppops -> Adware.HotBar : Cleaned with backup
HKU\S-1-5-21-54633260-1860239050-208422201-1006\Software\_hsrb\ssites -> Adware.HotBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} -> Adware.iLookup : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
C:\defender23.exe -> Downloader.VB.adw : Cleaned with backup
C:\defender24.exe -> Hijacker.VB.ly : Cleaned with backup
C:\defender25.exe -> Downloader.Adload.bx : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@pmads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\4P4XX5MK\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\LD4M0SUD\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Chris\My Documents\New Folder\backups\backup-20060531-012904-818.dll -> Adware.Maxifiles : Cleaned with backup
C:\Documents and Settings\Chris\My Documents\New Folder\backups\backup-20060602-224443-977.dll -> Adware.Maxifiles : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\1 Cool Button Tool Flash 5.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\32bit Convert It v9.57.23.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\32bit Email Broadcaster v9.57.23.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\6 Templates from templatemonster.com.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\A1 Audio Ripper v2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\AbiWorld v2.0.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\AbleFtp v6.26.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Acoustica MP3 Audio Mixer 2.471.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Acoustica MP3 CD Burner 3.01 build 64.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Acronis Privacy Expert Suite v8.0.789.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Active Desktop Calendar 5.8.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Active Whois v2.1.2591.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Actual Drawing v5.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Ad Popup Killer 4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Add Remove Plus 2003 v4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Adult Solitare.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Advanced Color Tool v1.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Alchemist Wizard v1.03.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Arial CD Ripper v1.4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Arial Sound Recorder v1.2.17.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Ashampoo Photo illuminator.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Automize 7.01 Enterprise.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\AutoPlay Media Studio.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Backer 6.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\BackUp DVD Pro 2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Backup To CD-RW 5.0.150.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Bad Street Brawler.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Bambi II (2006) DVDrip.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Batch Image Resizer v2.10.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Battleship Surface Thunder.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\BitTorrent 3.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Blaze DVD Player 2.0A.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\BloodRayne (Unrated).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Borland Delphi 2006 Lite v3.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Bowling Mania.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Breakneck Racing.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\BrowserBob 4 Professional 4.1.3.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\BVRP Ringtone Media Studio v1.0.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Carom3D v2.39.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Cats & Dogs.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\CD Wave Editor v1.91.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Commander Keen 6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Convert DVDs To MPEGs.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\CoordTrans v1.0.14.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Cosmic Crusader.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\CreateInstall Pro v2003.3.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Daily Inventory v4.7.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Daytona USA.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Death Strike 2006.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\DirectISO 1.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\DiscSafe v2.0.16.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\DSL Speed 2.08.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\DSL Speed v3.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\DVD Genie 4.05.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\DzSoft Perl Editor v5.4 for Windows.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Easy File And Folder Protector v3.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Easy Video To Audio Converter v1.36.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Eudora 6.0.22 Email Pro.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\FairStars Recorder 2.44.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Frontbase Image to Icon v2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\G-Clock 1.1c.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Get Right 4.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Golden Eye v4.11.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\GoldenHawk CDRWin v3.9F.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\GoldWave 5.11.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\GoldWave v5.11.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Goo Girls 16 XXX DVDRip.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Icon Cool Studio v1.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\ImToo PSP Video Converter 2.1.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Informaizer Pro v5.31.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Internet Explorer Reader v1.07.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Into The Blue.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\JaSFtp v6.26.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\JPEGDuper 1.0 build 185.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Kaspersky Anti-Hacker 1.7.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Kingdom Of Heaven.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\KoolMoves Flash Editor 5.2.4 With Libraries.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Lavavo Audio CD Ripper 2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Layer Cake.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Logo Creator v5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Macromedia Fireworks MX 2004.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Memory Washer 4.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Merriam-Webster's 11th Collegiate Dictionary.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Microsoft Office 2007 Beta 2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Might And Magic.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Mobile, Wireless and Sensor Networks (Book).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Motor City Online.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Motor City Online.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\MP3 Workshop XP 1.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\My Name Is Modesty Blaise.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Napster 2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\NeroMix 1.4.0.7.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\NeroMIX v1.4.0.7.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Network Cable e ADSL Speed 1.0.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Network Monitor v2.62.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Nexagon Deathmatch.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Nicos Commander v5.58.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Night Mission Pinball.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Ocean's Twelve (2006) DVDRip.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Ontrack Easyrecovery Professional.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Operation Flashpoint Resistance.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Over The Hedge.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\PDF To HTML v1.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\PhotoLine 32 v12.03.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Phpmaker 2.004.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Plato DVD Ripper 2.32.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Poppers v1.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Poseidon for UML Professional v3.21.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Power Video Converter 1.3.11.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Power Video Converter 1.5.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\PowerISO 3.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Premier Manager 2002-2003.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Privacy Eraser v4.02.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Privates Most Beautiful Breasts XXX DVDRip.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Protector Plus 2000 v7.2.E05.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Qualcomm Eudora v6.0.2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Rails Across America.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\RAM Saver Pro v3.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\RealViz Matchmover Pro v4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\RealVNC Enterprise v4.2.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Red Eye.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\River Past Video Cleaner Pro v6.2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Safe XP v1.5.7.14.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Save Flash 2.4.56.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Scorpio Rising XXX DVDRip.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Screen VidShot 2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Second In Command.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\See No Evil.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Selteco Flash Designer v5.0.22.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Simpsons Arcade.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Slave Zero.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Slither (2006).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Smart Type Assistant v1.31.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Spam CSI v5.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\SpyRemover 2.21.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Spyware Blaster.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Spyware Doctor v3.2.2.417.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Star Defender.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\STARR PC.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Streetfighter 2 Turbo.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\SWiSHmax ver.1.0 2006 02 01.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\SystemTools Hyena v6.7.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Taking Lives.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Tamara (2006).exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Team America World Police.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Terminator 3 Movie Clip.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\The Upside Of Anger.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Tiff-PDF counter 1.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Tonka 2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Transporter 2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Trend Micro InterScan VirusWall 6..exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\TweakNow Powerpack 2006 Pro Full.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Twiddlebit Plan for Windows v1.08.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Ultimate Demolition Derby.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\UltraHide 4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\UltraSnap PRO v2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Unreal II The Awakening.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Vacation Rental Tracker Plus v1.3.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Valentine Card s Us.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Video Convert Master 5.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Video Convert Master v3.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\ViewCompanion Pro v4.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Virtual CD v8.0.0.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\VisSim Neural-Net v6.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Win Dvd 5 Platinum.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\WinBackup Pro 2.1.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\Winmpg Dvd Ripper V1.2 Retail.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\WinPIM v7.50.1305.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\WinPIM v7.50.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\WinProducer v3.1 DVD.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\WinRAR 3.60 Beta 4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\WowChart v2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\XLink ClusterBalancer Business Edition 2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\xzxzxzxzxzxz.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\Chris\Shared\_\ZipZag v1.55.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Downloads\PrimeSuspectsGENSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\drsmartload1.exe -> Downloader.Adload.bt : Cleaned with backup
C:\drsmartload849a.exe -> Downloader.Adload.bq : Cleaned with backup
C:\keyboard23.exe -> Backdoor.VB.ary : Cleaned with backup
C:\keyboard24.exe -> Backdoor.VB.ary : Cleaned with backup
C:\keyboard25.exe -> Hijacker.StartPage.aju : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\newname23.exe -> Downloader.VB.adw : Cleaned with backup
C:\newname24.exe -> Downloader.VB.adw : Cleaned with backup
C:\newname25.exe -> Downloader.VB.abm : Cleaned with backup
C:\Program Files\Atheros\oemres.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\Catcher.dll -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\Catcher.tmp -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\ipwins\ipwins.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup
C:\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\warebundle.exe -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\drsmartload45a.exe -> Downloader.Adload.bq : Cleaned with backup
C:\WINDOWS\drsmartload46a.exe -> Downloader.Adload.bq : Cleaned with backup
C:\WINDOWS\drsmartload849a.exe -> Downloader.Adload.bq : Cleaned with backup
C:\WINDOWS\ms05675437-13532006.exe -> Adware.Enbrow : Cleaned with backup
C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\WINDOWS\offun.exe -> Downloader.VB.nw : Cleaned with backup
C:\WINDOWS\pf79.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\Q2hyaXM\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\Q2hyaXM\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\qvartz.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\wfjgslq.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\wfjgslqA.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup


::Report End

#4 Jag11


Posted 05 June 2006 - 11:18 PM

Great, now let's update your Java.

===

Update Java
  • Go to Start > Control Panel > Add/Remove Programs.
  • Search for all previously installed versions of Java. (J2SE Runtime Environment.... )
    It should have this icon next to it: Posted Image
  • Click that entry and then click on the Change/Remove button.
  • Then download and install the newest version from here.
===

Then post a new HijackThis log for my last review. Also tell us how things are running now! :thumbsup:

#5 spidergirl2838


Posted 06 June 2006 - 01:04 PM

Things are running WAY better. I have not seen any pop-ups or any of that crap. I uninstalled the demo of McAfee that I had and a friend recommended I try something called antiVir....I hope that keeps some of the crap off my computer. He also suggested I download WinXP Service Pack 2 and Windows Defender.... What do you think?

Now if I could just keep this hunk of junk laptop from overheating and shutting down or freezing up... I would be a happy girl!!!

Again, thanks for all your help!! You are the greatest!! :thumbsup:





Logfile of HijackThis v1.99.1
Scan saved at 11:53:48 AM, on 6/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Toshiba\Toscdspd\TOSCDSPD.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\My Documents\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [toscdspd] C:\Program Files\Toshiba\Toscdspd\TOSCDSPD.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124304888140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

#6 Jag11


Posted 06 June 2006 - 09:17 PM

Great, your log is now clean! If you still have any other problems/questions, just post them here.

Now that you're clean, please follow these simple steps in order to keep your computer clean and secure:

1.) Re-Hide System Files and Folders:
  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View tab
  • Deselect the Show hidden files and folders option
  • Select the Hide protected operating system files option
  • Click Yes to confirm
  • Click OK
2.) Reset and Re-enable your System Restore

We need to do this to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Click Start > Run (type: SYSDM.CPL) > OK
  • Click the System Restore tab.
  • Check - Turn off System Restore.
  • Click Apply.
  • Uncheck - Turn off System Restore.
  • Click OK.
You have now flushed your previous System Restore points, so we will make a new one again since your computer is already clean.
  • Go to Start > All Programs > Accessories > System Tools, and select System Restore
  • In the System Restore prompt, select: Create a restore point
  • Click Next
  • Give a description to the new Restore Point. (Something like: Clean PC)
  • Click Create
  • Then close the window
3.) How to Prevent Re-Infection

Please take your time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!) - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this, open Internet Explorer, then select Tools > Windows Update, and follow the online instructions from there.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • Firewall (a must!) - It is definitely a must have. Two good free versions are Kerio and ZoneAlarm.
  • Anti-Virus (a must!) - It is also a must have. Two good programs are Avast and AVG, they're both free.
    Note: You must only use 1 (one) AV because if you have 2 AVs, they will conflict with each other and will only make your system slow.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

#7 Jag11

Posted 10 June 2006 - 03:13 AM

Since this issue appears resolved... this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Jet Ian