#1
C:\>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    studio:135             studio:0               LISTENING
  TCP    studio:251             studio:0               LISTENING
  TCP    studio:445             studio:0               LISTENING
  TCP    studio:31038           studio:0               LISTENING
  TCP    studio:1025            studio:0               LISTENING
  TCP    studio:10110           studio:0               LISTENING
  TCP    studio:139             studio:0               LISTENING
  UDP    studio:445             *:*
  UDP    studio:500             *:*
  UDP    studio:1039            *:*
  UDP    studio:1114            *:*
  UDP    studio:1402            *:*
  UDP    studio:2337            *:*
  UDP    studio:2879            *:*
  UDP    studio:4500            *:*
  UDP    studio:123             *:*
  UDP    studio:1040            *:*
  UDP    studio:1900            *:*
  UDP    studio:123             *:*
  UDP    studio:137             *:*
  UDP    studio:138             *:*
  UDP    studio:1900            *:*
#2
---------------------------------------------------------
ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 08:17:18 9/28/2006 + Scan result: H:\new incoming\Pocket Dvd Wizard 2005 + Key.rar/Pocket Dvd Wizard 2005 Key.exe -> Adware.HotSearchBar : Cleaned with backup (quarantined). H:\new incoming\copilot live 5 keygen crack.rar/copilot live 5 keygen crack.exe -> Adware.HotSearchBar : Cleaned with backup (quarantined). HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined). HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined). C:\Program Files\eMule\Incoming\Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite + Donkey Look Up 0.3 + Edonkey Crawler.16Abril2004.por.Hulhio.Pootz.zip/Edonkey 2000 0.53 (Pro) + Crack + Edonkey Bot Lite.16Abril2004.por.Hulhio.Pootz/adremover_dll.vir -> Downloader.Small : Cleaned with backup (quarantined). C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp -> TrackingCookie.247realmedia : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp -> TrackingCookie.247realmedia : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cnetaustralia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp -> TrackingCookie.2o7 : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFD7.tmp -> TrackingCookie.2o7 : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq228E.tmp -> TrackingCookie.Adserver : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt -> TrackingCookie.Adtech : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp -> TrackingCookie.Adtech : Cleaned. 
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq237.tmp -> TrackingCookie.Advertising : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> TrackingCookie.Advertising : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> TrackingCookie.Advertising : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFD8.tmp -> TrackingCookie.Advertising : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> TrackingCookie.Adviva : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> TrackingCookie.Adviva : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> TrackingCookie.Atdmt : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp -> TrackingCookie.Bfast : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFD9.tmp -> TrackingCookie.Bfast : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq234.tmp -> TrackingCookie.Bluestreak : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> TrackingCookie.Bluestreak : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1903.tmp -> TrackingCookie.Bridgetrack : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> TrackingCookie.Burstnet : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB7.tmp -> TrackingCookie.Burstnet : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> TrackingCookie.Casalemedia : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68D.tmp -> TrackingCookie.Casalemedia : Cleaned. 
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB4.tmp -> TrackingCookie.Centrport : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Com : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C.tmp -> TrackingCookie.Com : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11B8.tmp -> TrackingCookie.Commission-junction : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF0.tmp -> TrackingCookie.Coremetrics : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEC.tmp -> TrackingCookie.Dbbsrv : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Doubleclick : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB5.tmp -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wfk4eic5ggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wfl4siajigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wfliwidjkko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wfloekdzghq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wflyagcziep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wgkisndzalo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned. 
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjkosgajkdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@e-2dj6wjnyepcjkeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B.tmp -> TrackingCookie.Falkag : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11B7.tmp -> TrackingCookie.Falkag : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1905.tmp -> TrackingCookie.Falkag : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C7.tmp -> TrackingCookie.Falkag : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.Fastclick : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFDA.tmp -> TrackingCookie.Fastclick : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ehg-darksideprod.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11BA.tmp -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1907.tmp -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1908.tmp -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Hitbox : Cleaned. 
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB8.tmp -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC5F.tmp -> TrackingCookie.Hitbox : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> TrackingCookie.Hitslink : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq235.tmp -> TrackingCookie.Hitslink : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Hitslink : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> TrackingCookie.Hotlog : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq924.tmp -> TrackingCookie.Hypertracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1FFD.tmp -> TrackingCookie.Linksynergy : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B2.tmp -> TrackingCookie.Linksynergy : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned. |
#3
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq236.tmp -> TrackingCookie.Mediaplex : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> TrackingCookie.Mediaplex : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp -> TrackingCookie.Onestat : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt -> TrackingCookie.Overture : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp -> TrackingCookie.Paycounter : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDAF.tmp -> TrackingCookie.Paycounter : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> TrackingCookie.Pro-market : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11BC.tmp -> TrackingCookie.Qksrv : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Qksrv : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11BD.tmp -> TrackingCookie.Questionmarket : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Questionmarket : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15F.tmp -> TrackingCookie.Realtracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> TrackingCookie.Realtracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C8.tmp -> TrackingCookie.Revenue : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB6.tmp -> TrackingCookie.Revenue : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1904.tmp -> TrackingCookie.Ru4 : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Ru4 : Cleaned. 
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1902.tmp -> TrackingCookie.Serving-sys : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> TrackingCookie.Serving-sys : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> TrackingCookie.Serving-sys : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB9.tmp -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq228D.tmp -> TrackingCookie.Sexlist : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40C.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40D.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40E.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C9.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC60.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC61.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC62.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB0.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB1.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB2.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB3.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB4.tmp -> TrackingCookie.Sextracker : Cleaned. C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp -> TrackingCookie.Spylog : Cleaned. 
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp -> TrackingCookie.Statcounter : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqFDB.tmp -> TrackingCookie.Statcounter : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq160.tmp -> TrackingCookie.Tacoda : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq164.tmp -> TrackingCookie.Targetnet : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB5.tmp -> TrackingCookie.Targetnet : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11BF.tmp -> TrackingCookie.Tradedoubler : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp -> TrackingCookie.Tradedoubler : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6CA.tmp -> TrackingCookie.Trafficmp : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> TrackingCookie.Trafficmp : Cleaned. C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp -> TrackingCookie.Tribalfusion : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68E.tmp -> TrackingCookie.Tribalfusion : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68.tmp -> TrackingCookie.Valueclick : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq69.tmp -> TrackingCookie.Valueclick : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBA.tmp -> TrackingCookie.Valueclick : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11C0.tmp -> TrackingCookie.Webtrendslive : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp -> TrackingCookie.Webtrendslive : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40F.tmp -> TrackingCookie.Xxxcounter : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15D.tmp -> TrackingCookie.Yieldmanager : Cleaned. 
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11C1.tmp -> TrackingCookie.Zedo : Cleaned. C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp -> TrackingCookie.Zedo : Cleaned. C:\WINDOWS\system32\drivers\etc\HOSTS.bak -> Trojan.Bambo.Hosts.A : Cleaned with backup (quarantined). ::Report end |
#4
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT Thursday, September 28, 2006 2:31:59 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 28/09/2006 Kaspersky Anti-Virus database records: 213785 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics: Total number of scanned objects: 115412 Number of viruses found: 3 Number of infected objects: 33 / 0 Number of suspicious objects: 0 Duration of the scan process: 03:53:49 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\307656b9e5fe 9d0856ab53d1e4fca3f3_1d040db8-87f4-49e4-bb9b-1b5c80371b07 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86737ce8f5a1 d1d392c85c8a67732ebb_1d040db8-87f4-49e4-bb9b-1b5c80371b07 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8ee9b52d6bc0 803abe774e9a03ab0c5c_1d040db8-87f4-49e4-bb9b-1b5c80371b07 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\952aa037f93a a2724361fa0069754372_1d040db8-87f4-49e4-bb9b-1b5c80371b07 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9593521a050 9ef7565fc4c27553070f_1d040db8-87f4-49e4-bb9b-1b5c80371b07 Object is locked skipped C:\Documents and Settings\All Users\Application 
Data\Microsoft\Crypto\RSA\MachineKeys\d1812413e77b d5b756cbaf0a0dd3fb84_1d040db8-87f4-49e4-bb9b-1b5c80371b07 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Documents\My Music\ALbums\setup.exe Infected: Trojan-Proxy.Win32.Horst.jf skipped C:\Documents and Settings\All Users\Documents\setup.exe Infected: Trojan-Proxy.Win32.Horst.jf skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Application Data\AVG7\Log\emc.log Object is locked skipped C:\Documents and Settings\Owner\Desktop\Folders\thursday\nero\share pack\#karaoke-realm sharepack\Excursion9 for #karaoke-realm.zip/Excursion9.4/SDmirc.ini Infected: 
Backdoor.IRC.Bomber skipped C:\Documents and Settings\Owner\Desktop\Folders\thursday\nero\share pack\#karaoke-realm sharepack\Excursion9 for #karaoke-realm.zip ZIP: infected - 1 skipped C:\Documents and Settings\Owner\Desktop\Folders\thursday\nero\share pack\#karaoke-realm sharepack\SDfind (for invision).zip/SDmirc.ini Infected: Backdoor.IRC.Bomber skipped C:\Documents and Settings\Owner\Desktop\Folders\thursday\nero\share pack\#karaoke-realm sharepack\SDfind (for invision).zip ZIP: infected - 1 skipped C:\Documents and Settings\Owner\Desktop\Folders\thursday\nero\share pack\#karaoke-realm sharepack\sdfind399.zip/sdfind399/SDmirc.ini Infected: Backdoor.IRC.Bomber skipped C:\Documents and Settings\Owner\Desktop\Folders\thursday\nero\share pack\#karaoke-realm sharepack\sdfind399.zip ZIP: infected - 1 skipped C:\Documents and Settings\Owner\Desktop\Folders\thursday\nero\share pack\winamp\Excursion9.4\SDmirc.ini Infected: Backdoor.IRC.Bomber skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006090420060 911\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006091120060 918\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006091820060 925\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006092720060 928\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006092820060 929\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local 
Settings\Temp\Perflib_Perfdata_16e0.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temp\~DF81A6.tmp Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temp\~DFA86.tmp Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped C:\Program Files\Broadband Desktop Help\SmartBridge\AlertFilter.log Object is locked skipped C:\Program Files\Broadband Desktop Help\SmartBridge\log\httpclient.log Object is locked skipped C:\Program Files\Broadband Desktop Help\SmartBridge\SmartBridge.log Object is locked skipped C:\Program Files\mIRC\download\#karaoke-realm sharepack\Excursion9 for #karaoke-realm.zip/Excursion9.4/SDmirc.ini Infected: Backdoor.IRC.Bomber skipped C:\Program Files\mIRC\download\#karaoke-realm sharepack\Excursion9 for #karaoke-realm.zip ZIP: infected - 1 skipped C:\Program Files\mIRC\download\#karaoke-realm sharepack\Excursion9.4\SDmirc.ini Infected: Backdoor.IRC.Bomber skipped C:\Program Files\mIRC\download\#karaoke-realm sharepack\SDfind (for invision).zip/SDmirc.ini Infected: Backdoor.IRC.Bomber skipped C:\Program Files\mIRC\download\#karaoke-realm sharepack\SDfind (for invision).zip ZIP: infected - 1 skipped C:\Program Files\mIRC\download\#karaoke-realm sharepack\sdfind399\SDmirc.ini Infected: Backdoor.IRC.Bomber skipped C:\Program Files\mIRC\download\#karaoke-realm sharepack\sdfind399.zip/sdfind399/SDmirc.ini Infected: Backdoor.IRC.Bomber skipped C:\Program Files\mIRC\download\#karaoke-realm sharepack\sdfind399.zip ZIP: infected - 1 skipped C:\Program Files\mIRC\download\#karaoke-realm_sharepack.zip/#karaoke-realm sharepack/Excursion9 for #karaoke-realm.zip/Excursion9.4/SDmirc.ini Infected: Backdoor.IRC.Bomber skipped C:\Program 
Files\mIRC\download\#karaoke-realm_sharepack.zip/#karaoke-realm sharepack/Excursion9 for #karaoke-realm.zip Infected: Backdoor.IRC.Bomber skipped C:\Program Files\mIRC\download\#karaoke-realm_sharepack.zip/#karaoke-realm sharepack/SDfind (for invision).zip/SDmirc.ini Infected: Backdoor.IRC.Bomber skipped C:\Program Files\mIRC\download\#karaoke-realm_sharepack.zip/#karaoke-realm sharepack/SDfind (for invision).zip Infected: Backdoor.IRC.Bomber skipped C:\Program Files\mIRC\download\#karaoke-realm_sharepack.zip/#karaoke-realm sharepack/sdfind399.zip/sdfind399/SDmirc.ini Infected: Backdoor.IRC.Bomber skipped C:\Program Files\mIRC\download\#karaoke-realm_sharepack.zip/#karaoke-realm sharepack/sdfind399.zip Infected: Backdoor.IRC.Bomber skipped C:\Program Files\mIRC\download\#karaoke-realm_sharepack.zip ZIP: infected - 6 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\UFantasy.ini Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{A9F916 2E-FF75-4F81-A838-5DAB1F113A96}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped 
C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_4b8.dat Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\setup.exe Infected: Trojan-Proxy.Win32.Horst.jf skipped |
#5
F:\found.000\dir0000.chk\Series 1\the.sopranos.s01e05.dvdrip.xvid-xg.avi Object is locked skipped
F:\found.000\dir0000.chk\Series 2\2.01_-_the_sopranos_-_guy_walks_into_a_psychiatrist's_office_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.02_-_the_sopranos_-_do_not_resuscitate_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.03_-_the_sopranos_-_toodle-****ing-oo_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.04_-_the_sopranos_-_commendatori_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.05_-_the_sopranos_-_big_girls_don't_cry_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.06_-_the_sopranos_-_the_happy_wanderer_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.07_-_the_sopranos_-_d-girl_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.08_-_the_sopranos_-_full_leather_jacket_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.09_-_the_sopranos_-_from_where_to_eternity_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.10_-_the_sopranos_-_bust_out_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.11_-_the_sopranos_-_house_arrest_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.12_-_the_sopranos_-_the_knight_in_white_satin_armor_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 2\2.13_-_the_sopranos_-_funhouse_[dvd]_[zr].avi Object is locked skipped F:\found.000\dir0000.chk\Series 3\3.01_-_the_sopranos_-_mr._ruggerio's_neighborhood_[dvd]_[torsius].avi Object is locked skipped F:\found.000\dir0000.chk\Series 3\3.02_-_the_sopranos_-_proshai,_livushka_[dvd]_[torsius].avi Object is locked skipped F:\found.000\dir0000.chk\Series 3\The Sopranos S3 E11 (37) Pine Barrens.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04.e01.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 
4\sopranos.s04.e03.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04.e05.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04e02.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04e04.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04e06.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04e07.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04e08.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04e09.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04e10.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04e11.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04e12.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0000.chk\Series 4\sopranos.s04e13.ac3.dvdrip.xvid-anbc.avi Object is locked skipped F:\found.000\dir0001.chk\5.03_-_the_sopranos_-_where's_johnny_[hdtv]_[fov].avi Object is locked skipped F:\found.000\dir0001.chk\5.05_-_the_sopranos_-_irregular_around_the_margins_[hdtv]_[fov].avi Object is locked skipped F:\found.000\dir0001.chk\the.sopranos.5x07.in.came lot.xvid-hdtv-fov.avi Object is locked skipped F:\found.000\dir0001.chk\the.sopranos.s05e06.mpg Object is locked skipped F:\found.000\dir0001.chk\the_sopranos.5x04.all_hap py_families.hdtv_xvid-fov.avi Object is locked skipped F:\found.000\dir0001.chk\the_sopranos.5x08.marco_p olo.hdtv_xvid-fov.avi Object is locked skipped F:\found.000\file0000.chk Object is locked skipped F:\setup.exe Infected: Trojan-Proxy.Win32.Horst.jf skipped F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped H:\programmes\cubase sx3 dongle 
erase\Cubase Sx 3.0 (Dongle Emulator Crack For Steinberg Cubase Sx v3.0 Dvdrip.zip/CUBASE SX 3.0 (dongle emulator crack for Steinberg Cubase SX v3.0 DVDRip.md/dongle emulator crack/dongle emulator crack.rar/dongle emulator crack/emulator dongle sx3.rar/emulator dongle sx3/emulator cubase sx 3.zip/SpyAnytime.PC.Spy.v2.42.WinALL.Regged-CHiCNCREAM/sapcspy.exe Infected: Trojan-Dropper.Win32.Small.mt skipped H:\programmes\cubase sx3 dongle erase\Cubase Sx 3.0 (Dongle Emulator Crack For Steinberg Cubase Sx v3.0 Dvdrip.zip/CUBASE SX 3.0 (dongle emulator crack for Steinberg Cubase SX v3.0 DVDRip.md/dongle emulator crack/dongle emulator crack.rar/dongle emulator crack/emulator dongle sx3.rar/emulator dongle sx3/emulator cubase sx 3.zip Infected: Trojan-Dropper.Win32.Small.mt skipped H:\programmes\cubase sx3 dongle erase\Cubase Sx 3.0 (Dongle Emulator Crack For Steinberg Cubase Sx v3.0 Dvdrip.zip/CUBASE SX 3.0 (dongle emulator crack for Steinberg Cubase SX v3.0 DVDRip.md/dongle emulator crack/dongle emulator crack.rar/dongle emulator crack/emulator dongle sx3.rar Infected: Trojan-Dropper.Win32.Small.mt skipped H:\programmes\cubase sx3 dongle erase\Cubase Sx 3.0 (Dongle Emulator Crack For Steinberg Cubase Sx v3.0 Dvdrip.zip/CUBASE SX 3.0 (dongle emulator crack for Steinberg Cubase SX v3.0 DVDRip.md/dongle emulator crack/dongle emulator crack.rar Infected: Trojan-Dropper.Win32.Small.mt skipped H:\programmes\cubase sx3 dongle erase\Cubase Sx 3.0 (Dongle Emulator Crack For Steinberg Cubase Sx v3.0 Dvdrip.zip/CUBASE SX 3.0 (dongle emulator crack for Steinberg Cubase SX v3.0 DVDRip.md Infected: Trojan-Dropper.Win32.Small.mt skipped H:\programmes\cubase sx3 dongle erase\Cubase Sx 3.0 (Dongle Emulator Crack For Steinberg Cubase Sx v3.0 Dvdrip.zip ZIP: infected - 5 skipped H:\setup.exe Infected: Trojan-Proxy.Win32.Horst.jf skipped H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped Scan process completed. |
#6
Logfile of HijackThis v1.99.1
Scan saved at 14:49:31, on 9/28/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\USBStorage\USBDetector.exe C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe C:\WINDOWS\system32\digi96.exe C:\WINDOWS\Res.exe C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\BROADB~1\SMARTB~1\BTHelpNotifier.exe C:\WINDOWS\system32\Task Win\SERVICES.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\SYSTEM32\taskmgr.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 O1 - Hosts: 62.75.224.159 www.bns3.net O1 - Hosts: 62.75.224.159 www.bns4.net O1 - Hosts: 62.75.224.159 www.bns5.net O1 - Hosts: 62.75.224.159 www.bns6.net O1 - Hosts: 62.75.224.159 www.bns7.net O1 - Hosts: 62.75.224.159 www.bns8.net O1 - Hosts: 62.75.224.159 www.cms3.net O1 - Hosts: 62.75.224.159 www.cms4.net O1 - Hosts: 62.75.224.159 www.cms5.net O1 - Hosts: 62.75.224.159 www.cms6.net O1 - Hosts: 62.75.224.159 www.cms7.net O1 - Hosts: 62.75.224.159 www.cms8.net O1 - Hosts: 62.75.224.159 www.rg1.com O1 - Hosts: 62.75.224.159 www.rg2.com O1 - Hosts: 62.75.224.159 www.rg3.com O1 - Hosts: 62.75.224.159 www.rg4.com O1 - Hosts: 62.75.224.159 www.rg5.com O1 - Hosts: 
62.75.224.159 www.rg6.com O1 - Hosts: 62.75.224.159 www.rg7.com O1 - Hosts: 62.75.224.159 www.rg8.com O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net O1 - Hosts: 62.75.224.159 j.2004CMS.com O1 - Hosts: 62.75.224.159 2004CMS.com O1 - Hosts: 62.75.224.159 bns1.m7z.net O1 - Hosts: 62.75.224.159 m7z.net O1 - Hosts: 62.75.224.159 www.bns3.net O1 - Hosts: 62.75.224.159 www.bns4.net O1 - Hosts: 62.75.224.159 www.bns5.net O1 - Hosts: 62.75.224.159 www.bns6.net O1 - Hosts: 62.75.224.159 www.bns7.net O1 - Hosts: 62.75.224.159 www.bns8.net O1 - Hosts: 62.75.224.159 www.cms3.net O1 - Hosts: 62.75.224.159 www.cms4.net O1 - Hosts: 62.75.224.159 www.cms5.net O1 - Hosts: 62.75.224.159 www.cms6.net O1 - Hosts: 62.75.224.159 www.cms7.net O1 - Hosts: 62.75.224.159 www.cms8.net O1 - Hosts: 62.75.224.159 www.rg1.com O1 - Hosts: 62.75.224.159 www.rg2.com O1 - Hosts: 62.75.224.159 www.rg3.com O1 - Hosts: 62.75.224.159 www.rg4.com O1 - Hosts: 62.75.224.159 www.rg5.com O1 - Hosts: 62.75.224.159 www.rg6.com O1 - Hosts: 62.75.224.159 www.rg7.com O1 - Hosts: 62.75.224.159 www.rg8.com O1 - Hosts: 62.75.224.159 bns3.net O1 - Hosts: 62.75.224.159 bns4.net O1 - Hosts: 62.75.224.159 bns5.net O1 - Hosts: 62.75.224.159 bns6.net O1 - Hosts: 62.75.224.159 bns7.net O1 - Hosts: 62.75.224.159 bns8.net O1 - Hosts: 62.75.224.159 cms3.net O1 - Hosts: 62.75.224.159 cms4.net O1 - Hosts: 62.75.224.159 cms5.net O1 - Hosts: 62.75.224.159 cms6.net O1 - Hosts: 62.75.224.159 cms7.net O1 - Hosts: 62.75.224.159 cms8.net O1 - Hosts: 62.75.224.159 rg1.com O1 - Hosts: 62.75.224.159 rg2.com O1 - Hosts: 62.75.224.159 rg3.com O1 - Hosts: 62.75.224.159 rg4.com O1 - Hosts: 62.75.224.159 rg5.com O1 - Hosts: 62.75.224.159 rg6.com O1 - Hosts: 62.75.224.159 rg7.com O1 - Hosts: 62.75.224.159 rg8.com O1 - Hosts: 62.75.224.159 www.m7z.net O1 - Hosts: 62.75.224.159 m7z.net O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net O1 - Hosts: 62.75.224.159 j.2004CMS.com O1 - Hosts: 62.75.224.159 2004CMS.com O1 - Hosts: 62.75.224.159 
bns1.m7z.net O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing) O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe O4 - HKLM\..\Run: [RMETray] digi96.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O4 - HKLM\..\Run: [USBTool] C:\WINDOWS\Res.exe O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BROADB~1\SMARTB~1\BTHelpNotifier.exe O4 - HKCU\..\Run: [Windows System] C:\WINDOWS\system32\Task Win\SERVICES.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\Broadband Desktop Help\bin\matcli.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &NeoTrace It! 
- C:\PROGRA~1\NeoWatch\NTXcontext.htm O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm O9 - Extra button: BT Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\System32\shdocvw.dll (HKCU) |
#7
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab O16 - DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} (DriverDetectiveNonMembers.nonmembers) - http://www.drivershq.com/files/cab/nonmember/DriverDetective-nm.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17a43ae170cc8b4d2905/netzip/RdxIE601.cab O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB O16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer 
Control) - https://www.vodafone.net/VoiceRecorder/SBCRP.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697515} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp5_mp3.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help//PreQual/files/MotivePreQual.cab O16 - DPF: {C9BEF1E9-21F6-486F-80A2-32D61DE86E5E} - http://www.directxtras.com/speaksforitself/download/ms_sapi.cab O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforitself/download/speechplugin.cab O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! 
Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com/euras/activex2/euras.CAB O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe |
#8
I'll have a good look at this tomorrow but there are quite a few infections present.
You really must stop downloading contraband until you're equipped to deal with the consequences!
#9
Yes, hands up, my friend, you are quite correct.
We live and learn. Hopefully.
#10
You seem to have installed unnecessary software for a USB drive or similar. WinXP doesn't need it.
Uninstall anything that you don't know or don't use. Seriously think about removing the Google and Yahoo toolbars.

Disable System Restore on all drives and reboot.

Delete all files quarantined by your AV and Ewido etc.

Close down all programs and empty all temp folders using ATF Cleaner.

Run HijackThis! and "fix" the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 bns3.net
O1 - Hosts: 62.75.224.159 bns4.net
O1 - Hosts: 62.75.224.159 bns5.net
O1 - Hosts: 62.75.224.159 bns6.net
O1 - Hosts: 62.75.224.159 bns7.net
O1 - Hosts: 62.75.224.159 bns8.net
O1 - Hosts: 62.75.224.159 cms3.net
O1 - Hosts: 62.75.224.159 cms4.net
O1 - Hosts: 62.75.224.159 cms5.net
O1 - Hosts: 62.75.224.159 cms6.net
O1 - Hosts: 62.75.224.159 cms7.net
O1 - Hosts: 62.75.224.159 cms8.net
O1 - Hosts: 62.75.224.159 rg1.com
O1 - Hosts: 62.75.224.159 rg2.com
O1 - Hosts: 62.75.224.159 rg3.com
O1 - Hosts: 62.75.224.159 rg4.com
O1 - Hosts: 62.75.224.159 rg5.com
O1 - Hosts: 62.75.224.159 rg6.com
O1 - Hosts: 62.75.224.159 rg7.com
O1 - Hosts: 62.75.224.159 rg8.com
O1 - Hosts: 62.75.224.159 www.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)
C:\WINDOWS\system32\Task Win\SERVICES.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} (DriverDetectiveNonMembers.nonmembers) - http://www.drivershq.com/files/cab/nonmember/DriverDetective-nm.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O16 - DPF: {C9BEF1E9-21F6-486F-80A2-32D61DE86E5E} - http://www.directxtras.com/speaksforitself/download/ms_sapi.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforitself/download/speechplugin.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com/euras/activex2/euras.CAB
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Reboot to Safe Mode, search for and delete the following files and/or folders if they still exist:

C:\Documents and Settings\Owner\Desktop\Folders\thursday\nero\share pack\#karaoke-realm sharepack\Excursion9 for #karaoke-realm.zip
C:\Documents and Settings\Owner\Desktop\Folders\thursday\nero\share pack\#karaoke-realm sharepack\sdfind399.zip
F:\setup.exe
D:\setup.exe
H:\programmes\cubase sx3 dongle erase\
H:\setup.exe
C:\WINDOWS\system32\Task Win\SERVICES.exe

Reboot normally, re-run HJT! and post another log.
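The triage done by eye in the reply above can be sketched in code. This is an added example, not part of the original post and not part of HijackThis: it parses HijackThis-style lines and flags hosts-file redirects to a non-loopback address, entries marked "(file missing)", and Run entries that reuse a core Windows process name from an unexpected directory. The function names, the sample excerpt and the assumption that Windows is installed in C:\WINDOWS are illustrative.

```python
import ipaddress
import ntpath  # Windows path rules, whatever OS runs this script
import re

# Excerpt assembled for this example from lines in the logs above; the
# 127.0.0.1 line is constructed to show a harmless blocking entry.
SAMPLE_LOG = r"""
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 127.0.0.1 ads.example.test
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RMETray] digi96.exe
O4 - HKCU\..\Run: [Windows System] C:\WINDOWS\system32\Task Win\SERVICES.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
RUN_PATH_RE = re.compile(r'\]\s+"?([A-Za-z]:\\.*?\.exe)', re.IGNORECASE)

# Assumption: a default C:\WINDOWS install. Core processes and the only
# directory each one legitimately runs from.
CORE_PROCESS_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def parse_entries(text):
    """Return (code, body) pairs for every 'Xn - ...' line in a log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def hosts_redirects(entries):
    """Map each non-loopback hosts-file IP to the hostnames pointed at it."""
    redirects = {}
    for code, body in entries:
        match = HOSTS_RE.match(body) if code == "O1" else None
        if not match:
            continue
        ip, host = match.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address, nothing to classify
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.x / 0.0.0.0 entries only block a name
        redirects.setdefault(ip, set()).add(host.lower())
    return {ip: sorted(hosts) for ip, hosts in redirects.items()}


def missing_targets(entries):
    """Entries whose registered file no longer exists (orphaned registrations)."""
    return [(c, b) for c, b in entries if b.rstrip().endswith("(file missing)")]


def masquerading_autoruns(entries):
    """O4 autoruns named like a core Windows process but stored elsewhere."""
    flagged = []
    for code, body in entries:
        match = RUN_PATH_RE.search(body) if code == "O4" else None
        if not match:
            continue
        path = match.group(1)
        expected = CORE_PROCESS_DIRS.get(ntpath.basename(path).lower())
        if expected and ntpath.dirname(path).lower() != expected:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for ip, hosts in hosts_redirects(parsed).items():
        print(f"hosts redirect -> {ip}: {len(hosts)} name(s)")
    for code, body in missing_targets(parsed):
        print(f"orphaned {code}: {body}")
    for path in masquerading_autoruns(parsed):
        print(f"suspicious autorun: {path}")
```

Duplicate hosts lines collapse to one name per IP, so the output shows how many distinct names a single address has captured rather than how many times the file repeats them.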
#11
Apologies Zero for over 2 weeks since last reply from me, in that time 'computer 1' has been offline.
Today I did the fixes you suggested, and here is the log from HJT Logfile of HijackThis v1.99.1 Scan saved at 15:16:28, on 10/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\USBStorage\USBDetector.exe C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe C:\WINDOWS\system32\digi96.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\Res.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Hijackthis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: 
Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe O4 - HKLM\..\Run: [RMETray] digi96.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O4 - HKLM\..\Run: [USBTool] C:\WINDOWS\Res.exe O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BROADB~1\SMARTB~1\BTHelpNotifier.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital 
Imaging\bin\hposol08.exe O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NeoWatch\NTXcontext.htm O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing) O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (file missing) O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\System32\shdocvw.dll (HKCU) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll |
#12
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe...nttracking.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17a43ae1...p/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer Control) - https://www.vodafone.net/VoiceRecorder/SBCRP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697515} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp5_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com...ivePreQual.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksfor...eechplugin.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup151.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
#13
What is your actual setup with regard to connectivity? Is your network enabled via a crossover cable and a SpeedTouch modem?

Are you intentionally running SyncroSoft? Uninstall the Google, Yahoo and MSN crud if you don't use it. You've also installed drivers for a USB pen device or USB drive. WinXP doesn't need these drivers; they're used for 98x/ME systems which don't support MSD.

Re-run HijackThis! and fix the following entries:

O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BROADB~1\SMARTB~1\BTHelpNotifier.exe
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (file missing)
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (file missing)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com...ivePreQual.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksfor...eechplugin.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup151.cab
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Also fix any other O16 entries, such as those from eBay and Egg etc., that you're not sure about.

Once we know how your network is set up we can discuss methods of tightening up your security.
#14
Connectivity setup is:

SpeedTouch modem connects to main PC (which we sorted in other forum posts) - via USB
main PC then connects to an Aztel 5 port switching hub / router.
'Computer 1' connects to this unit
'Computer 2' (wife's laptop) connects to this hub occasionally also (currently offline)

I got rid of MSN toolbar, think I got rid of Yahoo toolbar (difficult to uninstall, it came as part of BT software which was all over the machine).

Trying to get rid of the USB toolbox driver thingy, but keeps reappearing after uninstalling, that came with a USB drive I installed - will try to get shot.

I use MSN Messenger, so would like to keep that.

The SyncroSoft running is a software dongle key for Cubase, erm 'evaluation' software....(which I evaluate with.)

Here's the latest HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 15:37:21, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
C:\WINDOWS\system32\digi96.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Res.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
#15
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
O4 - HKLM\..\Run: [RMETray] digi96.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [USBTool] C:\WINDOWS\Res.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NeoWatch\NTXcontext.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17a43ae170cc8b4d2905/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
#16
The USB driver entries can be fixed and that may help with the program's uninstallation routine:

O4 - HKLM\..\Run: [RMETray] digi96.exe
O4 - HKLM\..\Run: [USBTool] C:\WINDOWS\Res.exe

You can also safely fix any line that references Yahoo or BT and any O16 entry that you aren't specifically aware of.

You have an anti virus solution and some anti trojan protection in Ewido but you really need firewall protection as well. There are several free offerings available although Kerio 215 is light, fairly easy to configure and administer and it's pretty effective.

Download, install and update SpywareBlaster. Set it to "Enable All Protection" and that's basically it. You simply need to keep it updated.

Download, install and update Spybot S&D. Update and run this regularly.

Update and run Ewido regularly.

Remember to check all downloads and any files off unknown CDs etc with both Ewido and AVG before opening them. (De-archive any Zip or RaR etc files first).

Run the occasional online AV scan at Kaspersky or Trend etc.
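The triage that posts #13 and #16 describe (entries marked "(file missing)", the service with an unknown owner, and O16 entries whose source you don't recognise), as an added example that is not part of the thread or of HijackThis itself. The names `triage` and `known_hosts` belong to this example only; the sample lines are copied from the logs posted above.

```python
import re
from urllib.parse import urlparse

# Sample input: entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O4 - HKLM\..\Run: [USBTool] C:\WINDOWS\Res.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (file missing)
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer Control) - https://www.vodafone.net/VoiceRecorder/SBCRP.cab
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# A log entry is "<section code> - <body>", e.g. "O16 - DPF: ...".
ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")
# O16 body: "DPF: {CLSID} (optional control name) - <download URL>".
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")


def triage(log_text, known_hosts=()):
    """Return (section, reason, entry body) for entries worth a manual look.

    known_hosts: hosts the user recognises as ActiveX sources; O16 entries
    from any other host are listed for review.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        # Orphaned entry: the registry still points at a file that is gone.
        if body.endswith("(file missing)"):
            findings.append((section, "target file missing", body))
        # HijackThis prints "Unknown owner" when it finds no vendor string.
        if section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "service has unknown owner", body))
        # Downloaded ActiveX controls: list those from unrecognised hosts.
        if section == "O16":
            d = DPF.match(body)
            host = urlparse(d.group(3)).hostname if d else None
            if host not in known_hosts:
                reason = f"ActiveX source not recognised: {host}"
                findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG, {"chat.yahoo.com"}):
        print(f"[{section}] {reason}\n    {body}")
```
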