
Look2me Spyware And Windows Installer Instantsharedevices


9 replies to this topic

#1 Rusk350207

Rusk350207

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Newcastle Upon Tyne, England
  • Local time:09:29 PM

Posted 29 August 2006 - 06:08 PM

Hi,

I have had some problems with a spyware program named Look2Me and a virus, I'm unsure on its name. I have followed all the steps provided on this site to clear these prior to the printing of the below log. The main problem I am now having is that on booting up my system, the Windows installer tries to install a program named InstantShareDevices, which it can't do. How can I stop this?

Logfile of HijackThis v1.99.1
Scan saved at 23:53:57, on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: DiskView - {6A882320-BDD0-4ff4-BE3A-D8BAF82668E9} - C:\Program Files\Vyooh\DiskView\VizBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156710838496
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37960.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\lupcd11n.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:29 PM

Posted 05 September 2006 - 01:25 AM

Hello Rusk350207,

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay. :flowers: We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Rusk350207


Posted 05 September 2006 - 01:13 PM

:thumbsup:
Thank You, I would still like some help and will place a new log as soon as I can.

Cheers

#4 Rusk350207


Posted 05 September 2006 - 02:18 PM

Hi thanks again for your time.

Here is my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 20:09:38, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: DiskView - {6A882320-BDD0-4ff4-BE3A-D8BAF82668E9} - C:\Program Files\Vyooh\DiskView\VizBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156710838496
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37960.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\lupcd11n.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#5 teacup61


Posted 06 September 2006 - 04:14 AM

Hello,

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please. Please also post a new HijackThis log and let me know how your computer is running.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#6 Rusk350207


Posted 06 September 2006 - 12:22 PM

Hi,

Below is the combofix log followed by the refreshed hijackthis log. Having run combofix, registry entries were deleted, however the installer still runs on start-up and the CPU seems far too busy.


Ross - 06-09-06 18:05:30.68
06.09.04BT - Running from: C:\Documents and Settings\Ross\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{EEDCCB1C-08BF-4550-8927-902040552837}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EEDCCB1C-08BF-4550-8927-902040552837}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EEDCCB1C-08BF-4550-8927-902040552837}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EEDCCB1C-08BF-4550-8927-902040552837}\InprocServer32]
@="C:\\WINDOWS\\system32\\lupcd11n.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat
C:\dfndrff_13.exe
C:\deskbar.exe
C:\kybrdff_13.exe
C:\nwnmff_13.exe
C:\Program Files\Deskbar


((((((((((((((((((((((((((((((( Files Created from 2006-08-06 to 2006-09-06 ))))))))))))))))))))))))))))))))))


2006-09-02 11:30 98,304 -ra------ C:\WINDOWS\system32\RCSigProc.dll
2006-09-02 11:30 944,640 --a------ C:\WINDOWS\system32\NEFLibrary3PS.dll
2006-09-02 11:30 876,544 --a------ C:\WINDOWS\system32\Asteroid6.dll
2006-09-02 11:30 52,224 -ra------ C:\WINDOWS\system32\RedEye.dll
2006-09-02 11:30 495,616 -ra------ C:\WINDOWS\system32\DRAGNKL1.dll
2006-09-02 11:30 42,496 -ra------ C:\WINDOWS\system32\picn20.dll
2006-09-02 11:30 307,200 --a------ C:\WINDOWS\system32\StdFilters3PS.dll
2006-09-02 11:30 180,224 --a------ C:\WINDOWS\system32\Strato4.dll
2006-09-02 11:30 151,552 -ra------ C:\WINDOWS\system32\picn1120.dll
2006-09-02 11:30 143,360 -ra------ C:\WINDOWS\system32\picn1020.dll
2006-09-02 11:30 139,264 --a------ C:\WINDOWS\system32\CML5.dll
2006-09-02 11:29 73,728 --a------ C:\WINDOWS\system32\LFFAX12N.DLL
2006-09-02 11:29 60,416 --a------ C:\WINDOWS\system32\LFPCT12N.DLL
2006-09-02 11:29 434,176 --a------ C:\WINDOWS\system32\DC120V15_32.DLL
2006-09-02 11:29 406,016 --a------ C:\WINDOWS\system32\LTKRN12N.DLL
2006-09-02 11:29 36,864 --a------ C:\WINDOWS\system32\LFPSD12N.DLL
2006-09-02 11:29 358,912 --a------ C:\WINDOWS\system32\LFCMP12N.DLL
2006-09-02 11:29 30,720 --a------ C:\WINDOWS\system32\LFBMP12N.DLL
2006-09-02 11:29 26,112 --a------ C:\WINDOWS\system32\LFPCX12N.DLL
2006-09-02 11:29 259,072 --a------ C:\WINDOWS\system32\LTDIS12N.DLL
2006-09-02 11:29 230,400 --a------ C:\WINDOWS\system32\DC265.DLL
2006-09-02 11:29 207,872 --a------ C:\WINDOWS\system32\LTEFX12N.DLL
2006-09-02 11:29 19,968 --a------ C:\WINDOWS\system32\LFPCD12N.DLL
2006-09-02 11:29 181,248 --a------ C:\WINDOWS\system32\LFPNG12N.DLL
2006-09-02 11:29 164,864 --a------ C:\WINDOWS\system32\LTIMG12N.DLL
2006-09-02 11:29 141,312 --a------ C:\WINDOWS\system32\LFTIF12N.DLL
2006-09-02 11:29 131,072 --a------ C:\WINDOWS\system32\LTFIL12N.DLL
2006-08-28 14:43 24,296 --a------ C:\WINDOWS\icont.exe
2006-08-28 11:42 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-08-10 19:01 81,920 --a------ C:\WINDOWS\system32\W32N50.dll
2006-08-10 19:01 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-02 11:30 -------- d-------- C:\Documents and Settings\Ross\Application Data\Nikon
2006-09-02 11:29 -------- d-------- C:\Program Files\Nikon
2006-09-02 11:29 -------- d-------- C:\Program Files\Common Files\Nikon
2006-08-29 23:52 -------- d-------- C:\Program Files\HijackThis
2006-08-29 23:39 -------- d-------- C:\Program Files\Zone Labs
2006-08-29 20:33 -------- d-------- C:\Documents and Settings\Ross\Application Data\Lavasoft
2006-08-29 20:30 -------- d-------- C:\Program Files\Lavasoft
2006-08-28 14:33 -------- d-------- C:\Documents and Settings\Ross\Application Data\Registry Booster
2006-08-27 23:08 -------- d-------- C:\Program Files\Microsoft Windows OneCare Live
2006-08-27 21:25 -------- d-------- C:\Program Files\Windows Defender
2006-08-27 21:03 -------- d-------- C:\Program Files\Intuwave Ltd
2006-08-27 14:03 -------- d-------- C:\Program Files\Abexo
2006-08-27 14:02 -------- d-------- C:\Documents and Settings\Ross\Application Data\MozillaCleaner
2006-08-27 13:56 -------- d-------- C:\Program Files\3B Software
2006-08-27 13:53 -------- d-------- C:\Program Files\BcInstall Data
2006-08-26 12:58 -------- d-------- C:\Program Files\ChessBase
2006-08-19 18:14 774144 --a------ C:\Program Files\RngInterstitial.dll
2006-08-19 17:46 -------- d-------- C:\Program Files\PCPitstop
2006-08-10 19:07 278528 --a------ C:\Program Files\Common Files\FDEUnInstaller.exe
2006-08-10 19:07 -------- d-------- C:\Program Files\Inventel
2006-08-10 19:06 -------- d-------- C:\Program Files\Orange
2006-08-04 12:18 613208 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-06 19:35 -------- d-------- C:\Program Files\QuickTime
2006-07-06 06:25 345 --a------ C:\Documents and Settings\Ross\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2006-07-06 06:25 0 --a------ C:\Documents and Settings\Ross\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"LWBMOUSE"="D:\\Program Files\\iWare\\iWare Mouse\\3.2\\MOUSE32A.EXE"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB002\" /M \"Stylus DX3800\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:20,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:20,00,00,00

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06/09/2006 18:11:40.19
ComboFix.txt

Logfile of HijackThis v1.99.1
Scan saved at 18:15:05, on 06/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156710838496
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37960.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#7 teacup61

  • Malware Response Team
  • 17,075 posts
  • Location:Wills Point, Texas

Posted 13 September 2006 - 02:39 AM

Hello,

Are you ready to shoot me? I'm sorry for my delayed response. :thumbsup:

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close ewido. Do not run it yet.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
  • In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Restart back into Normal Mode.
In your reply, please post the report from Ewido and a new HijackThis log. Let me know how your computer is running now. I promise I'll watch out for your reply!

Thanks,
tea

#8 Rusk350207
  • Topic Starter

Posted 13 September 2006 - 02:49 PM

Hi,

I'm just glad someone can help me mate :thumbsup:

Have done the steps above, the installer still auto runs at reboot and my pc seems really slow at the minute. Here are the 2 logs.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:26:53 13/09/2006

+ Scan result:



C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C7E1185A-0809-4576-A343-8737ACE1FDD8}\RP243\A0066001.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C7E1185A-0809-4576-A343-8737ACE1FDD8}\RP243\A0065999.exe -> Downloader.Adload.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C7E1185A-0809-4576-A343-8737ACE1FDD8}\RP243\A0065998.exe -> Downloader.VB.alg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C7E1185A-0809-4576-A343-8737ACE1FDD8}\RP243\A0065996.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 20:27:39, on 13/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156710838496
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37960.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#9 teacup61

Posted 17 September 2006 - 12:21 AM

Hello,

This log is much thinner than the first.....was it made in safe mode? If so, I need to see another made in normal mode, please. Ewido looks good, but I'd like to make sure before I give you the okay. :thumbsup:

Thanks,
tea

#10 Rusk350207

Posted 18 September 2006 - 01:18 PM

Here is the HijackThis log in normal mode.

Logfile of HijackThis v1.99.1
Scan saved at 19:15:04, on 18/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156710838496
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37960.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

:thumbsup:



