How To Remove Process System.exe


sgeva2001
Member with 237 posts.
THREAD STARTER
 
Join Date: Aug 2003
17-Mar-2006, 01:33 PM #1
How To Remove Process System.exe
I remove the process and it keeps coming back.
I think it is a virus or the like.
Cheeseball81
Moderator & Malware Removal Specialist with 83,530 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
17-Mar-2006, 01:47 PM #2
What location is it in?

Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
__________________
Microsoft MVP - Consumer Security
sgeva2001
17-Mar-2006, 02:30 PM #3
Log File
I do not know its location.
I see it in the Task Manager processes.

Logfile of HijackThis v1.99.1
Scan saved at 20:30:47, on 17/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Programs\Norton Antivirus\navapsvc.exe
F:\Programs\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Programs\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Programs\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\StartupMonitor.exe
F:\Programs\ZoneAlarm\zapro.exe
F:\Programs\PALM\AlarmApp.exe
F:\Program Files\AutoHotkey\My_srcipts\My_key.exe
F:\Programs\PALM\HOTSYNC.EXE
F:\Program Files\FIREFOX\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Registry Booster\RegistryBooster.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\StartupMonitor.exe
F:\Programs\ZoneAlarm\zapro.exe
G:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Programs\NORTON~2\Navw32.exe
F:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = יום נהדר
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programs\ADOBE\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\Spybot\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programs\Norton Antivirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programs\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PALM.lnk = F:\Programs\PALM\AlarmApp.exe
O4 - Startup: My_key.lnk = F:\Program Files\AutoHotkey\My_srcipts\My_key.exe
O4 - Startup: HotSync Manager.LNK = F:\Programs\PALM\HOTSYNC.EXE
O4 - Startup: AcctMgr.lnk = ?
O4 - Global Startup: ZoneAlarm Pro.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-shaul.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Handle with &Hot Keyboard - F:\Programs\Hot_Key\IEScript.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - (no file)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-shaul.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-shaul.html (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3D19135C-6D38-44AD-80F0-D9318F48726D} (BwOutlook.OutlookIntegrator) - http://wsbd2.072.012.net/commpilot/c.../BwOutlook.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1142333516750
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55D8422E-7CD3-4285-B39F-608A5A4EBAD7}: NameServer = 84.95.14.250,212.116.161.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{55D8422E-7CD3-4285-B39F-608A5A4EBAD7}: NameServer = 84.95.14.250,212.116.161.38
O17 - HKLM\System\CS2\Services\Tcpip\..\{55D8422E-7CD3-4285-B39F-608A5A4EBAD7}: NameServer = 84.95.14.250,212.116.161.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Programs\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Programs\NORTON~3\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\Programs\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\Programs\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
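A triage pass over the HijackThis log above, as an added example that is not part of the thread: it answers the helper's "What location is it in?" by looking up the reported image name in the "Running processes" section, checks core Windows images against their expected directories, and lists entries HijackThis marked as pointing to a missing file. The function names and the `EXPECTED_DIRS` table are hypothetical and assume a default Windows XP install in C:\WINDOWS.

```python
import ntpath
import re

# Assumption: default Windows XP install in C:\WINDOWS, as in the log above.
# Image name -> the only directory it is expected to run from (lower-cased).
EXPECTED_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# HijackThis result lines start with a section code such as R1, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Excerpt of the log posted in reply #3 (lines copied from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
F:\Program Files\FIREFOX\firefox.exe

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Constructed process list (not from the thread) that makes the location check fire.
CONSTRUCTED_PROCESSES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
]


def parse_hjt(log_text):
    """Split a HijackThis log into running-process paths and (code, text) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first result line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def find_process(processes, name):
    """Return every running path whose image name equals `name` (case-insensitive)."""
    return [p for p in processes if ntpath.basename(p).lower() == name.lower()]


def misplaced_core_processes(processes):
    """Return paths that use a core Windows image name outside its expected directory."""
    hits = []
    for path in processes:
        expected = EXPECTED_DIRS.get(ntpath.basename(path).lower())
        if expected and ntpath.dirname(path).lower() != expected:
            hits.append(path)
    return hits


def orphaned_entries(entries):
    """Return entries HijackThis marked as referencing a file that does not exist."""
    return [(code, text) for code, text in entries
            if text.endswith("(no file)") or text.endswith("(file missing)")]


def triage(log_text, reported_name):
    """Run all three checks for the process name the user reported."""
    processes, entries = parse_hjt(log_text)
    return {
        "reported_process_paths": find_process(processes, reported_name),
        "misplaced_core_processes": misplaced_core_processes(processes),
        "orphaned_entries": orphaned_entries(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, "system.exe").items():
        print(key, value)
    print("constructed:", misplaced_core_processes(CONSTRUCTED_PROCESSES))
```

On the excerpt, no running image is named system.exe and three entries point to missing files; the location check fires only on the constructed list.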
Cheeseball81
17-Mar-2006, 02:31 PM #4
Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
sgeva2001
17-Mar-2006, 02:56 PM #5
I updated and ran Ewido in Safe Mode today (12 hours ago).
I gave it OK to remove what it found.
Should I run it again in Safe Mode, or can I find the log from the past?
Cheeseball81
17-Mar-2006, 03:16 PM #6
I don't think a log from the past will do much good. You need to run it again please.
sgeva2001
17-Mar-2006, 03:17 PM #7
In safe mode?
Cheeseball81
17-Mar-2006, 03:18 PM #8
Yes.
sgeva2001
17-Mar-2006, 04:52 PM #9
Logfile of HijackThis v1.99.1
Scan saved at 22:51:51, on 17/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Programs\Norton Antivirus\navapsvc.exe
F:\Programs\NORTON~3\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Programs\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Programs\ZoneAlarm\zapro.exe
F:\Programs\PALM\AlarmApp.exe
F:\Program Files\AutoHotkey\My_srcipts\My_key.exe
F:\Programs\PALM\HOTSYNC.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Programs\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Program Files\FIREFOX\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
F:\Program Files\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = יום נהדר
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programs\ADOBE\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\Spybot\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programs\Norton Antivirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programs\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PALM.lnk = F:\Programs\PALM\AlarmApp.exe
O4 - Startup: My_key.lnk = F:\Program Files\AutoHotkey\My_srcipts\My_key.exe
O4 - Startup: HotSync Manager.LNK = F:\Programs\PALM\HOTSYNC.EXE
O4 - Startup: AcctMgr.lnk = ?
O4 - Global Startup: ZoneAlarm Pro.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-shaul.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Handle with &Hot Keyboard - F:\Programs\Hot_Key\IEScript.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - (no file)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-shaul.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-shaul.html (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3D19135C-6D38-44AD-80F0-D9318F48726D} (BwOutlook.OutlookIntegrator) - http://wsbd2.072.012.net/commpilot/c.../BwOutlook.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1142333516750
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55D8422E-7CD3-4285-B39F-608A5A4EBAD7}: NameServer = 84.95.14.250,212.116.161.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{55D8422E-7CD3-4285-B39F-608A5A4EBAD7}: NameServer = 84.95.14.250,212.116.161.38
O17 - HKLM\System\CS2\Services\Tcpip\..\{55D8422E-7CD3-4285-B39F-608A5A4EBAD7}: NameServer = 84.95.14.250,212.116.161.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Programs\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Programs\NORTON~3\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\Programs\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\Programs\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

AND THE FILE LOG OF Ewido :

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 22:41:48, 17/03/2006
+ Report-Checksum: EA517080

+ Scan result:

:mozilla.12:C:\Documents and Settings\Shaul\Application Data\Mozilla\Firefox\Profiles\fl615dgx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Shaul\Application Data\Mozilla\Firefox\Profiles\fl615dgx.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.12:C:\Recycled\NPROTECT\00432107.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00432107.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.12:C:\Recycled\NPROTECT\00432111.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00432111.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.6:C:\Recycled\NPROTECT\00432113.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00432113.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.12:C:\Recycled\NPROTECT\00432117.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00432117.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.6:C:\Recycled\NPROTECT\00431484.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.8:C:\Recycled\NPROTECT\00431485.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.8:C:\Recycled\NPROTECT\00431486.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.8:C:\Recycled\NPROTECT\00431521.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.8:C:\Recycled\NPROTECT\00431530.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.11:C:\Recycled\NPROTECT\00431251.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.15:C:\Recycled\NPROTECT\00431251.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.12:C:\Recycled\NPROTECT\00431253.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.16:C:\Recycled\NPROTECT\00431253.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.7:C:\Recycled\NPROTECT\00431256.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.16:C:\Recycled\NPROTECT\00431256.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.6:C:\Recycled\NPROTECT\00431258.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.16:C:\Recycled\NPROTECT\00431258.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.8:C:\Recycled\NPROTECT\00431259.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.19:C:\Recycled\NPROTECT\00431259.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.9:C:\Recycled\NPROTECT\00431261.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.20:C:\Recycled\NPROTECT\00431261.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.11:C:\Recycled\NPROTECT\00431262.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.22:C:\Recycled\NPROTECT\00431262.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.11:C:\Recycled\NPROTECT\00431263.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.22:C:\Recycled\NPROTECT\00431263.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.11:C:\Recycled\NPROTECT\00431264.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.22:C:\Recycled\NPROTECT\00431264.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.11:C:\Recycled\NPROTECT\00431269.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.22:C:\Recycled\NPROTECT\00431269.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.12:C:\Recycled\NPROTECT\00431270.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.22:C:\Recycled\NPROTECT\00431270.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00431271.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.25:C:\Recycled\NPROTECT\00431271.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431272.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431272.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431273.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431273.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431274.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431274.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431275.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431275.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431276.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431276.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431277.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431277.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431278.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431278.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431279.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431279.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431280.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431280.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431281.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431281.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431282.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431282.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431283.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431283.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431284.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431284.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431285.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431285.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431286.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431286.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431287.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431287.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431288.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431288.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00431290.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431290.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.19:C:\Recycled\NPROTECT\00431291.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.27:C:\Recycled\NPROTECT\00431291.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.19:C:\Recycled\NPROTECT\00431292.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.27:C:\Recycled\NPROTECT\00431292.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.19:C:\Recycled\NPROTECT\00431293.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.27:C:\Recycled\NPROTECT\00431293.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.23:C:\Recycled\NPROTECT\00431294.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.31:C:\Recycled\NPROTECT\00431294.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.26:C:\Recycled\NPROTECT\00431295.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.34:C:\Recycled\NPROTECT\00431295.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.27:C:\Recycled\NPROTECT\00431305.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.35:C:\Recycled\NPROTECT\00431305.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.27:C:\Recycled\NPROTECT\00431306.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.35:C:\Recycled\NPROTECT\00431306.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.6:C:\Recycled\NPROTECT\00431307.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.35:C:\Recycled\NPROTECT\00431307.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.6:C:\Recycled\NPROTECT\00431312.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.35:C:\Recycled\NPROTECT\00431312.MOZ -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.6:C:\Recycled\NPROTECT\00431329.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.35:C:\Recycled\NPROTECT\00431329.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.8:C:\Recycled\NPROTECT\00431998.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.9:C:\Recycled\NPROTECT\00431999.MOZ -> TrackingCookie.Com : Cleaned with backup
:mozilla.8:C:\Recycled\NPROTECT\00432003.MOZ -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.12:C:\Recycled\NPROTECT\00432003.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.6:C:\Recycled\NPROTECT\00432005.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.12:C:\Recycled\NPROTECT\00432005.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.10:C:\Recycled\NPROTECT\00432007.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.14:C:\Recycled\NPROTECT\00432007.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.10:C:\Recycled\NPROTECT\00432008.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.14:C:\Recycled\NPROTECT\00432008.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.6:C:\Recycled\NPROTECT\00432009.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432009.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.11:C:\Recycled\NPROTECT\00432011.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432011.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.6:C:\Recycled\NPROTECT\00432013.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432013.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.11:C:\Recycled\NPROTECT\00432014.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432014.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.11:C:\Recycled\NPROTECT\00432015.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432015.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.6:C:\Recycled\NPROTECT\00432016.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432016.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.11:C:\Recycled\NPROTECT\00432018.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432018.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.6:C:\Recycled\NPROTECT\00432021.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432021.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.6:C:\Recycled\NPROTECT\00432022.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432022.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.11:C:\Recycled\NPROTECT\00432052.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432052.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.6:C:\Recycled\NPROTECT\00432060.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432060.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.6:C:\Recycled\NPROTECT\00432061.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432061.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.6:C:\Recycled\NPROTECT\00432073.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.17:C:\Recycled\NPROTECT\00432073.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.14:C:\Recycled\NPROTECT\00432078.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00432078.MOZ -> TrackingCookie.Com : Cleaned

with backup
:mozilla.12:C:\Recycled\NPROTECT\00432102.MOZ -> TrackingCookie.Statcounter :

Cleaned with backup
:mozilla.18:C:\Recycled\NPROTECT\00432102.MOZ -> TrackingCookie.Com : Cleaned

with backup


::Report End
Cheeseball81
Moderator & Malware Removal Specialist
17-Mar-2006, 05:49 PM #10
Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)

O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - (no file)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - (no file)


Reboot, post a new log.
sgeva2001
THREAD STARTER
18-Mar-2006, 03:37 AM #11
Logfile of HijackThis v1.99.1
Scan saved at 09:38:41, on 18/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Programs\Norton Antivirus\navapsvc.exe
F:\Programs\NORTON~3\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
F:\Programs\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Programs\ZoneAlarm\zapro.exe
F:\Programs\PALM\AlarmApp.exe
F:\Program Files\AutoHotkey\My_srcipts\My_key.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Programs\PALM\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
F:\Programs\Norton Antivirus\SAVScan.exe
F:\Program Files\FIREFOX\firefox.exe
F:\Program Files\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = יום נהדר
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programs\ADOBE\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\Spybot\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programs\Norton Antivirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programs\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PALM.lnk = F:\Programs\PALM\AlarmApp.exe
O4 - Startup: My_key.lnk = F:\Program Files\AutoHotkey\My_srcipts\My_key.exe
O4 - Startup: HotSync Manager.LNK = F:\Programs\PALM\HOTSYNC.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = ?
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-shaul.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Handle with &Hot Keyboard - F:\Programs\Hot_Key\IEScript.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-shaul.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-shaul.html (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3D19135C-6D38-44AD-80F0-D9318F48726D} (BwOutlook.OutlookIntegrator) - http://wsbd2.072.012.net/commpilot/c.../BwOutlook.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1142333516750
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55D8422E-7CD3-4285-B39F-608A5A4EBAD7}: NameServer = 84.95.14.250,212.116.161.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{55D8422E-7CD3-4285-B39F-608A5A4EBAD7}: NameServer = 84.95.14.250,212.116.161.38
O17 - HKLM\System\CS2\Services\Tcpip\..\{55D8422E-7CD3-4285-B39F-608A5A4EBAD7}: NameServer = 84.95.14.250,212.116.161.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Programs\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Programs\NORTON~3\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\Programs\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\Programs\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Cheeseball81
Moderator & Malware Removal Specialist
18-Mar-2006, 01:56 PM #12
How are things now?
sgeva2001
THREAD STARTER
20-Mar-2006, 01:49 AM #13
The same. The process SYSTEM is still running.
Cheeseball81
Moderator & Malware Removal Specialist
20-Mar-2006, 01:51 AM #14
It doesn't show in the HJT log as a running process. Kinda weird.

Please RIGHT-CLICK HERE to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
sgeva2001
THREAD STARTER
24-Mar-2006, 02:53 AM #15
Silent Runners LOG
".vbs", revision 44, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"QD FastAndSafe" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Run StartupMonitor" = "StartupMonitor.exe" [null data]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "F:\Programs\ADOBE\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "F:\Programs\Spybot\SDHelper.dll" ["Safer Networking Limited"]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IeCatch2 Class"
\InProcServer32\(Default) = "G:\PROGRA~1\FLASHGET\jccatch.dll" ["Amaze Soft"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "F:\Programs\Norton Antivirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{9493BF10-6A0A-11D3-AFB2-00C06C397814}" = "Hot Keyboard"
-> {HKLM...CLSID} = "HotKeyboard_ShellEx"
\InProcServer32\(Default) = "F:\Programs\Hot_Key\HkShExt.dll" ["TB Labs"]
"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}" = "eLicense Control"
-> {HKLM...CLSID} = "eLicense Control"
\InProcServer32\(Default) = "C:\WINDOWS\lcmmfu.cpl" [null data]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\upnpui.dll" [MS]
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"
-> {HKLM...CLSID} = "IZArc DragDrop Menu"
\InProcServer32\(Default) = "F:\Programs\IZArc\IZArcCM.dll" [null data]
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "F:\Programs\IZArc\IZArcCM.dll" [null data]
"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\phototoys.dll" [MS]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 DragDrop Shell Extension"
-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Property Sheet Shell Extension"
-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{336B02CE-F88A-4aea-8731-79EF94D3723A}" = "Free AOL & Unlimited Internet.url"
-> {HKLM...CLSID} = "aol"
\InProcServer32\(Default) = "C:\WINDOWS\aod\aodshext.dll" [null data]
"{8D1636FD-CA49-4b4e-90E4-0A20E03A15E8}" = "jetAudio"
-> {HKLM...CLSID} = "JetFlExt"
\InProcServer32\(Default) = "F:\Programs\JetFlExt.dll" ["JetAudio, Inc."]
"{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension"
-> {HKLM...CLSID} = "PropPage Class"
\InProcServer32\(Default) = "F:\Programs\Norton Ghost\GhoShExt.dll" ["Symantec Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "F:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{475A9681-F01B-11d5-BC5E-0050CE184C9B}" = "CrimsonEditor.ShellExt"
-> {HKLM...CLSID} = "CrimsonEditor.ShellExt"
\InProcServer32\(Default) = "F:\Program Files\Crimson\Crimson Editor\ShellExt.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "F:\Programs\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "F:\Program Files\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {HKLM...CLSID} = "Microsoft.AntiSpyware.ShellExecuteHook.1"
\InProcServer32\(Default) = "F:\Program Files\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "F:\Programs\EWIDO security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "F:\Programs\ADOBE\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "F:\Programs\EWIDO security suite\context.dll" ["ewido networks"]
HotKeyboard\(Default) = "{9493BF10-6A0A-11D3-AFB2-00C06C397814}"
-> {HKLM...CLSID} = "HotKeyboard_ShellEx"
\InProcServer32\(Default) = "F:\Programs\Hot_Key\HkShExt.dll" ["TB Labs"]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "F:\Programs\IZArc\IZArcCM.dll" [null data]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "F:\Programs\Norton Antivirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "F:\Programs\EWIDO security suite\context.dll" ["ewido networks"]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "F:\Programs\IZArc\IZArcCM.dll" [null data]
jetAudio\(Default) = "{8D1636FD-CA49-4b4e-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt"
\InProcServer32\(Default) = "F:\Programs\JetFlExt.dll" ["JetAudio, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
HotKeyboard\(Default) = "{9493BF10-6A0A-11D3-AFB2-00C06C397814}"
-> {HKLM...CLSID} = "HotKeyboard_ShellEx"
\InProcServer32\(Default) = "F:\Programs\Hot_Key\HkShExt.dll" ["TB Labs"]
jetAudio\(Default) = "{8D1636FD-CA49-4b4e-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt"
\InProcServer32\(Default) = "F:\Programs\JetFlExt.dll" ["JetAudio, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "F:\Programs\Norton Antivirus\NavShExt.dll" ["Symantec Corporation"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Shaul" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Shaul\Start Menu\Programs\Startup
"PALM" -> shortcut to: "F:\Programs\PALM\AlarmApp.exe" ["Palm, Inc."]
"My_key" -> shortcut to: "F:\Program Files\AutoHotkey\My_srcipts\My_key.exe" [null data]
"HotSync Manager" -> shortcut to: "F:\Programs\PALM\HOTSYNC.EXE" ["Palm, Inc."]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"ZoneAlarm Pro" -> shortcut to: "F:\Programs\ZoneAlarm\zapro.exe -nopopup" ["Zone Labs Inc."]


Enabled Scheduled Tasks:
------------------------

"Norton SystemWorks One Button Checkup" -> launches: "F:\Programs\OBC.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Symantec Drmc" -> launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" [null data]
"Norton AntiVirus - Scan my computer" -> launches: "F:\Programs\NORTON~2\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton AntiVirus - Scan my computer - Shaul" -> launches: "F:\Programs\NORTON~2\NAVW32.EXE /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDetect.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
F:\Programs\NetLimiter\nl_lsp.dll [null data], 01 - 05, 21
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "F:\Programs\Norton Antivirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "F:\Programs\Norton Antivirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "G:\PROGRA~1\FLASHGET\fgiebar.dll" ["Amaze Soft"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "F:\Programs\Norton Antivirus\NavShExt.dll" ["Symantec Corporation"]
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{1CB13C88-96B6-11D6-9AF5-D12D26EE1F36}\
"ButtonText" = "AccountLogon"
"MenuText" = "AccountLogon"
"Script" = "C:\WINDOWS\al-popup-shaul.html" [null data]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "מחקר"

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "G:\PROGRA~1\FLASHGET\flashget.exe" ["Amaze Soft"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
LiveUpdate, LiveUpdate, ""C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"" ["Symantec Corporation"]
Norton AntiVirus Auto Protect Service, navapsvc, ""F:\Programs\Norton Antivirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "F:\Programs\NORTON~3\NPROTECT.EXE" ["Symantec Corporation"]
RIP Listener, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}
SAVScan, SAVScan, "F:\Programs\Norton Antivirus\SAVScan.exe" ["Symantec Corporation"]
Simple TCP/IP Services, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS]
Speed Disk service, Speed Disk service, "F:\Programs\NORTON~3\SPEEDD~1\NOPDB.EXE" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Password Validation, ccPwdSvc, ""C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" ["Symantec Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZONELABS\vsmon.exe -service" ["Zone Labs Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]
Canon BJ Language Monitor PIXMA iP1500\Driver = "CNMLM5y.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 47 seconds, including 18 seconds for message boxes)