
Solved: Help,blue.exe,red.exe,vipza.exe

Discussion in 'Windows XP' started by duka, Jul 17, 2006.

Thread Status:
Not open for further replies.
  1. duka

    duka Thread Starter

    Hello,
    first time user, so apologies if not yet with it. I have looked at the security forum and I have similar problems to member smiggy. Computer is very slow, something called project1 tries to start but fails. I have run AVG Free and it finds viruses (the masters.exe, system23.exe, vipza.exe, mmxxxxmas.exe, blue.exe, red.exe) but cannot heal them. I have tried Spybot, Ad-Aware and Spy Sweeper. Here is the copy of HJT after running Spy Sweeper and rebooting. Thanks.


    Logfile of HijackThis v1.99.1
    Scan saved at 20:12:23, on 17/07/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\APPATC~1\alg.exe
    C:\Documents and Settings\User\Application Data\??mantec\l?gonui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\User\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.eircom.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by eircom net.
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\gebxywx.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
    O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
    O4 - HKLM\..\Run: [DriveWiz] C:\DriveWiz\Autosync.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ImageSync] C:\DriveWiz\ImgSync.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [rmkk] C:\Program Files\Common Files\rmkk\rmkkm.exe
    O4 - HKCU\..\Run: [Caap] "C:\PROGRA~1\COMMON~1\APPATC~1\alg.exe" -vt yazr
    O4 - HKCU\..\Run: [Uwrezd] C:\Documents and Settings\User\Application Data\??mantec\l?gonui.exe
    O4 - HKCU\..\Run: [VCS Host] vcshost.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYIE
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.eircom.net
    O20 - AppInit_DLLs: repairs303169581.dll
    O20 - Winlogon Notify: Extensions - C:\WINDOWS\
    O20 - Winlogon Notify: gebxywx - C:\WINDOWS\SYSTEM32\gebxywx.dll
    O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\k062lajo1doc.dll (file missing)
    O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\lv6409jqe.dll (file missing)
    O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\g4040edqeh0e0.dll (file missing)
    O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\vua.dll (file missing)
    O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\cBrds.dll (file missing)
    O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\auptif.dll (file missing)
    O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\auptif.dll (file missing)
    O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\cqrtmgr.dll (file missing)
    O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\m628lgfu1628.dll (file missing)
    O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\azaqlgd5160.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
    O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. MFDnNC

    MFDnNC

    Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
    · Double-click VundoFix.exe to run it.
    · Click the Scan for Vundo button.
    · Once it's done scanning, click the Remove Vundo button.
    · You will receive a prompt asking if you want to remove the files, click YES
    · Once you click yes, your desktop will go blank as it starts removing Vundo.
    · When completed, it will prompt that it will shutdown your computer, click OK.
    · Turn your computer back on.
    · Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    ==================

    1. Download this file :

    http://download.bleepingcomputer.com/sUBs/combofix.exe
    http://www.techsupportforum.com/sectools/combofix.exe

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

    Note:
    Do not mouse-click combofix's window while it's running. That may cause it to stall.
    ======================
    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · Run the application
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, set all items to delete
    · Apply all actions
    · Look at the bottom of the screen and click the Save report button.
    · Save the report to your C: drive
    This will take some time to run!
    Reboot
    Post that log and a new HiJack log.
     
  3. duka

    duka Thread Starter

    Thanks for your help

    So far I have the log files and HJT for Vundo and ComboFix; will run Ewido tonight and post that. Logs as follows:

    VundoFix V5.1.4

    Checking Java version...

    Sun Java not detected
    Scan started at 22:03:40 18/07/2006

    Listing files found while scanning....

    C:\windows\system32\gebxywx.dll

    Beginning removal...

    The process smss.exe could not be stopped
    Vundofix may not be able to delete some files that were found.

    The process winlogon.exe could not be stopped
    Vundofix may not be able to delete some files that were found.

    The process explorer.exe was successfully stopped

    The process iexplore.exe was successfully stopped

    The process rundll32.exe was successfully stopped

    Attempting to delete C:\windows\system32\gebxywx.dll
    C:\windows\system32\gebxywx.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1
    Scan saved at 22:39:13, on 18/07/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\DriveWiz\Autosync.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\DriveWiz\ImgSync.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\APPATC~1\alg.exe
    C:\Documents and Settings\User\Application Data\??mantec\l?gonui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\User\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.eircom.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by eircom net.
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
    O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
    O4 - HKLM\..\Run: [DriveWiz] C:\DriveWiz\Autosync.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ImageSync] C:\DriveWiz\ImgSync.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [rmkk] C:\Program Files\Common Files\rmkk\rmkkm.exe
    O4 - HKCU\..\Run: [Caap] "C:\PROGRA~1\COMMON~1\APPATC~1\alg.exe" -vt yazr
    O4 - HKCU\..\Run: [Uwrezd] C:\Documents and Settings\User\Application Data\??mantec\l?gonui.exe
    O4 - HKCU\..\Run: [VCS Host] vcshost.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYIE
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.eircom.net
    O20 - AppInit_DLLs: repairs303169581.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
    O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    Start Time= 19/07/2006 7:27:03.22
    Running from: C:\Documents and Settings\User\Desktop

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urstt
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    REGISTRY ENTRIES REMOVED:

    [HKEY_CLASSES_ROOT\clsid\{ADF11A0C-4FB7-4503-8932-7461A9EC1B1B}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{ADF11A0C-4FB7-4503-8932-7461A9EC1B1B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{ADF11A0C-4FB7-4503-8932-7461A9EC1B1B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{ADF11A0C-4FB7-4503-8932-7461A9EC1B1B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\izq.dll"
    "ThreadingModel"="Apartment"

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    FILES REMOVED:

    C:\WINDOWS\system32\guard.tmp


    Granting sedebugprivilege to Administrators ... successful


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Mendoza1.exe
    C:\dfndrad_5.exe
    C:\nwnmad_5.exe
    C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\ERYRSXYD\drsmartload[1].exe
    C:\warebundle2.exe
    C:\warebundlenewer.exe
    C:\WINDOWS\uninstall_nmon.vbs
    C:\Program Files\snowball wars
    C:\Program Files\Common Files\misc001
    C:\Program Files\Common Files\simtest
    C:\Program Files\Common Files\svchostsys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



    2006-07-19 07:35 539,429 C:\WINDOWS\system32\ttsru.ini
    2006-07-19 07:34 <DIR> C:\Program Files\common files
    2006-07-18 21:39 538,831 C:\WINDOWS\system32\ttsru.bak1
    2006-07-18 21:36 573,492 C:\WINDOWS\system32\urstt.dll
    2006-07-17 19:19 <DIR> C:\Documents and Settings\User\Application Data\webroot
    2006-07-17 19:17 <DIR> C:\Program Files\webroot
    2006-07-17 19:11 264 C:\WINDOWS\system.ini
    2006-07-17 19:11 2,964 C:\WINDOWS\win.ini
    2006-07-17 18:57 573,492 C:\WINDOWS\system32\nnnno.dll
    2006-07-16 20:22 0 C:\WINDOWS\pestpatrol5.ini
    2006-07-16 20:17 <DIR> C:\Program Files\Common Files\scanner
    2006-07-16 20:16 <DIR> C:\Program Files\ca
    2006-07-15 11:03 81,920 C:\WINDOWS\system32\dvdplay.dll
    2006-07-15 11:03 2 C:\WINDOWS\system32\wtscc.exe
    2006-07-15 11:03 <DIR> C:\Program Files\Common Files\??stem ( stem~1 )
    2006-07-15 11:03 <DIR> C:\Documents and Settings\User\Application Data\??mantec ( mantec~1 )
    2006-07-15 10:59 <DIR> C:\Program Files\windows
    2006-07-15 10:58 <DIR> C:\Program Files\outlook express
    2006-07-15 09:54 <DIR> C:\Program Files\norton systemworks
    2006-07-14 22:42 <DIR> C:\Program Files\Common Files\symantec shared
    2006-07-14 22:39 <DIR> C:\Program Files\symantec
    2006-07-14 22:32 <DIR> C:\Program Files\avicreator
    2006-07-14 21:24 <DIR> C:\Program Files\greenstreet
    2006-07-14 21:11 <DIR> C:\Program Files\internet explorer
    2006-07-14 20:40 776,096 C:\WINDOWS\system32\drivers\avg7core.sys
    2006-07-14 20:38 <DIR> C:\Documents and Settings\User\Application Data\avg7
    2006-07-14 20:37 4,992 C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-07-14 20:37 4,288 C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-07-14 20:37 27,776 C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-07-14 20:36 <DIR> C:\Program Files\grisoft
    2006-07-14 20:36 <DIR> C:\Documents and Settings\User\Application Data\microsoft
    2006-07-14 20:32 <DIR> C:\Program Files\movie maker
    2006-07-14 20:29 <DIR> C:\Program Files\norton antivirus
    2006-07-14 20:02 <DIR> C:\Program Files\Common Files\rmkk
    2006-07-14 18:32 356,120 C:\WINDOWS\system32\perfstringbackup.ini
    2006-07-14 18:28 86 C:\WINDOWS\mirror32.ini
    2006-07-13 22:33 39,437 C:\WINDOWS\system32\gebxywx.dll
    2006-07-13 22:33 <DIR> C:\Program Files\Common Files\a?ppatch ( appatc~1 )
    2006-07-13 20:30 <DIR> C:\Documents and Settings\User\Application Data\help
    2006-07-13 20:26 69 C:\WINDOWS\v2wizdrv.sys
    2006-07-13 20:25 24,576 C:\WINDOWS\system32\dzinstex.dll
    2006-07-11 22:32 <DIR> C:\Program Files\powerquest
    2006-07-11 20:16 25 C:\WINDOWS\system32\dwzprover.ini
    2006-07-11 19:49 <DIR> C:\Program Files\installshield installation information
    2006-06-19 21:29 376 C:\WINDOWS\odbc.ini
    2006-06-19 21:22 <DIR> C:\Program Files\Common Files\microsoft shared
    2006-06-19 21:13 <DIR> C:\Program Files\microsoft office
    2006-06-15 21:17 <DIR> C:\Documents and Settings\User\Application Data\??ppatch ( ppatch~1 )
    2006-06-03 16:46 <DIR> C:\Documents and Settings\User\Application Data\çasks
    2006-05-29 20:25 <DIR> C:\Program Files\Common Files\f?nts ( fnts~1 )
    2006-05-21 10:42 471,040 C:\WINDOWS\gadget & gadgetinis.scr
    2006-05-21 10:42 12,288 C:\WINDOWS\impborl.dll
    2006-05-12 18:07 316 C:\WINDOWS\mm06y.ini
    2006-05-12 18:05 218,023 C:\red.exe
    2006-05-12 10:35 <DIR> C:\Program Files\lavasoft
    2006-05-12 10:35 <DIR> C:\Documents and Settings\User\Application Data\lavasoft
    2006-05-12 10:33 <DIR> C:\Program Files\panicware
    2006-05-12 10:32 <DIR> C:\Program Files\cleanmypc popup blocker
    2006-05-10 23:12 <DIR> C:\Program Files\google
    2006-05-10 23:01 <DIR> C:\Documents and Settings\User\Application Data\google
    2006-05-10 22:55 <DIR> C:\Program Files\windows media player
    2006-05-10 22:46 177 C:\WINDOWS\disney.ini
    2006-05-10 10:49 <DIR> C:\Program Files\spybot - search & destroy
    2006-05-09 13:30 <DIR> C:\Program Files\?ymbols ( ymbols~1 )
    2006-05-09 13:18 <DIR> C:\Program Files\tvpoker
    2006-05-08 01:12 39 C:\m3allim.bat
    2006-05-08 01:08 67,528 C:\mmxxxxmas2.exe
    2006-05-06 21:50 33,310 C:\WINDOWS\partypoker1.exe
    2006-05-05 22:22 <DIR> C:\Documents and Settings\User\Application Data\?racle ( racle~1 )
    2006-05-02 23:37 235,659 C:\WINDOWS\system32\l64qlgh5164.dll
    2006-05-02 23:36 421,126 C:\masterz.exe
    2006-05-01 21:05 66,897 C:\whcc2.exe
    2006-05-01 20:29 <DIR> C:\Program Files\spyware doctor
    2006-05-01 20:29 <DIR> C:\Program Files\poker challenge
    2006-05-01 20:29 <DIR> C:\Program Files\empirepoker
    2006-05-01 11:09 518 C:\WINDOWS\hegames.ini
    2006-04-22 17:18 21,592 C:\WINDOWS\system32\setup_51233.exe
    2006-04-18 14:39 139,264 C:\WINDOWS\system32\qfn.dll
    2006-01-08 19:11 <DIR> C:\Program Files\ea sports
    2005-11-14 15:55 <DIR> C:\Program Files\navdiag
    2005-11-02 22:43 <DIR> C:\Program Files\mvp software
    2005-10-09 21:22 <DIR> C:\Documents and Settings\User\Application Data\olympus
    2005-10-09 21:15 <DIR> C:\Program Files\olympus
    2005-10-09 21:09 <DIR> C:\Program Files\pixela
    2005-10-09 21:09 <DIR> C:\Program Files\Common Files\installshield
    2005-05-31 21:16 <DIR> C:\Program Files\freeloader.com
    2005-05-26 19:09 <DIR> C:\Program Files\microsoft games
    2005-05-23 21:28 <DIR> C:\Documents and Settings\User\Application Data\msn6
    2005-04-06 11:51 <DIR> C:\Program Files\netopia
    2005-03-02 20:28 <DIR> C:\Program Files\registryfix
    2005-02-24 18:25 <DIR> C:\Program Files\two lights entertainment
    2005-02-11 21:08 <DIR> C:\Program Files\windowsupdate
    2005-02-06 23:05 <DIR> C:\Documents and Settings\User\Application Data\identities
    2005-02-03 21:38 <DIR> C:\Program Files\hasbro interactive
    2005-02-03 21:19 <DIR> C:\Documents and Settings\User\Application Data\disney interactive
    2004-10-28 14:04 <DIR> C:\Program Files\the learning company
    2004-09-11 17:45 <DIR> C:\Documents and Settings\User\Application Data\microsoft web folders
    2004-09-11 17:44 <DIR> C:\Program Files\microsoft frontpage
    2004-08-26 21:54 <DIR> C:\Program Files\bond
    2004-08-26 21:46 <DIR> C:\Program Files\jb1
    2004-08-26 21:45 <DIR> C:\Program Files\Common Files\wise installation wizard
    2004-07-18 02:55 <DIR> C:\Program Files\Common Files\adobe
    2004-07-18 02:55 <DIR> C:\Documents and Settings\User\Application Data\adobe
    2004-07-14 23:59 <DIR> C:\Documents and Settings\User\Application Data\macromedia
    2004-07-10 21:53 <DIR> C:\Program Files\directx
    2004-07-10 21:53 <DIR> C:\Program Files\digital dream co europe ltd
    2004-07-10 21:52 <DIR> C:\Program Files\adobe
    2004-07-10 21:52 <DIR> C:\Documents and Settings\User\Application Data\intertrust
    2004-07-10 21:29 <DIR> C:\Program Files\quicktime
    2004-07-10 18:36 <DIR> C:\Program Files\Common Files\kodak
    2004-07-01 18:46 <DIR> C:\Program Files\hp deskjet 3820 series
    2004-07-01 18:46 <DIR> C:\Program Files\hewlett-packard
    2004-07-01 18:40 <DIR> C:\Program Files\visioneer
    2004-07-01 18:36 <DIR> C:\Program Files\Common Files\scansoft shared
    2004-07-01 18:34 <DIR> C:\Program Files\scansoft
    2004-06-30 17:56 <DIR> C:\Program Files\cyberlink
    2004-06-30 17:48 <DIR> C:\Program Files\microsoft activesync
    2004-06-30 17:47 <DIR> C:\Program Files\microsoft visual studio
    2004-06-30 17:47 <DIR> C:\Program Files\Common Files\designer
    2004-06-30 17:46 <DIR> C:\Program Files\Common Files\system
    2004-06-30 17:46 <DIR> C:\Program Files\Common Files\??stem ( system )
    2004-06-30 17:45 <DIR> C:\Program Files\Common Files\l&h
    2004-06-30 17:38 <DIR> C:\Documents and Settings\User\Application Data\symantec
    2004-06-30 17:38 <DIR> C:\Documents and Settings\User\Application Data\??mantec ( symantec )
    2004-06-30 17:33 <DIR> C:\Program Files\netmeeting
    2004-06-30 17:32 <DIR> C:\Program Files\Common Files\speechengines
    2004-06-30 17:32 <DIR> C:\Program Files\Common Files\odbc
    2004-06-30 17:13 <DIR> C:\Program Files\messenger
    2004-06-30 17:12 <DIR> C:\Program Files\uninstall information
    2004-06-30 16:48 <DIR> C:\Program Files\xerox
    2004-06-30 16:44 <DIR> C:\Program Files\online services
    2004-06-30 16:43 <DIR> C:\Program Files\Common Files\services
    2004-06-30 16:43 <DIR> C:\Program Files\Common Files\mssoap
    2004-06-30 16:41 <DIR> C:\Program Files\msn
    2004-06-30 16:41 <DIR> C:\Program Files\complus applications
    2004-06-30 16:40 <DIR> C:\Program Files\windows nt
    2004-06-30 16:40 <DIR> C:\Program Files\msn gaming zone


    (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


    2006-07-19 07:05 132,698,112 C:\hiberfil.sys
    2006-07-18 21:39 538,831 C:\WINDOWS\system32\ttsru.bak1
    2006-07-18 21:36 573,492 C:\WINDOWS\system32\urstt.dll
    2006-07-18 21:36 539,480 C:\WINDOWS\system32\ttsru.ini
    2006-07-17 18:56 573,492 C:\WINDOWS\system32\nnnno.dll
    2006-07-16 20:22 0 C:\WINDOWS\pestpatrol5.INI
    2006-07-15 18:51 7,680 C:\WINDOWS\system32\bitsprx2.dll
    2006-07-15 18:51 7,168 C:\WINDOWS\system32\bitsprx3.dll
    2006-07-15 18:51 331,776 C:\WINDOWS\system32\winhttp.dll
    2006-07-15 18:51 17,408 C:\WINDOWS\system32\qmgrprxy.dll
    2006-07-15 18:51 158,720 C:\WINDOWS\system32\xpob2res.dll
    2006-07-15 18:18 578,560 C:\Installer2.exe
    2006-07-14 22:15 83,672 C:\WINDOWS\system32\S32EVNT1.DLL
    2006-07-14 22:12 368,912 C:\WINDOWS\system32\VBAR332.DLL
    2006-07-14 22:12 31,744 C:\WINDOWS\system32\S32STAT.DLL
    2006-07-14 22:12 252,176 C:\WINDOWS\system32\MSRD2X35.DLL
    2006-07-14 22:12 24,848 C:\WINDOWS\system32\MSJTER35.DLL
    2006-07-14 22:12 123,664 C:\WINDOWS\system32\MSJINT35.DLL
    2006-07-14 22:12 1,046,288 C:\WINDOWS\system32\MSJET35.DLL
    2006-07-13 22:33 39,437 C:\WINDOWS\system32\gebxywx.dll
    2006-07-13 20:26 69 C:\WINDOWS\V2WIZDRV.SYS
    2006-07-11 20:29 86 C:\WINDOWS\MIRROR32.INI
    2006-07-11 20:16 32,768 C:\WINDOWS\system32\DZCHECK.DLL
    2006-07-11 20:16 25 C:\WINDOWS\system32\DWZPROVER.INI
    2006-07-11 20:16 24,576 C:\WINDOWS\system32\DZINSTEX.DLL
    2006-07-11 20:16 20,480 C:\WINDOWS\DZSAVEME.EXE
    2006-07-11 20:16 110,592 C:\WINDOWS\system32\DZCABOOT.EXE


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NT Logging Service"="syslog32.exe"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "CaISSDT"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
    "eTrust PestPatrol Active Protection"="none"
    "webHancer Survey Companion"="\"C:\\Program Files\\webHancer\\Programs\\whSurvey.exe\""
    "SurfSideKick 3"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "PPWebCap"="C:\\PROGRA~1\\ScanSoft\\PAPERP~1\\PPWebCap.exe"
    "rmkk"="C:\\Program Files\\Common Files\\rmkk\\rmkkm.exe"
    "Caap"="\"C:\\PROGRA~1\\COMMON~1\\APPATC~1\\alg.exe\" -vt yazr"
    "Uwrezd"="C:\\Documents and Settings\\User\\Application Data\\??mantec\\l?gonui.exe"
    "VCS Host"="vcshost.exe"
    "SurfSideKick 3"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
    "flags"=dword:00000008

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="C:\\WINDOWS\\System32\\ad.html"
    "SubscribedURL"=""
    "FriendlyName"=""
    "Flags"=dword:00002000
    "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
    03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
    "CurrentState"=dword:40000001
    "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
    00,00,01,00,00,00
    "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Microsoft Configuration 77"="microsot32.exe"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Microsoft Configuration 77"="microsot32.exe"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Accessibility Wizard.job
    C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\System Diagnostic.job

    Completion time: 19/07/2006 7:35:36.16
    ComboFix ver 06.07.19 - This logfile is located at C:\ComboFix.txt

    ComboFix.txt
    ComboFix2.txt


    Logfile of HijackThis v1.99.1
    Scan saved at 07:54:54, on 19/07/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\APPATC~1\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Documents and Settings\User\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.eircom.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by eircom net.
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
    O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [rmkk] C:\Program Files\Common Files\rmkk\rmkkm.exe
    O4 - HKCU\..\Run: [Caap] "C:\PROGRA~1\COMMON~1\APPATC~1\alg.exe" -vt yazr
    O4 - HKCU\..\Run: [Uwrezd] C:\Documents and Settings\User\Application Data\??mantec\l?gonui.exe
    O4 - HKCU\..\Run: [VCS Host] vcshost.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYIE
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.eircom.net
    O20 - AppInit_DLLs: repairs303169581.dll C:\WINDOWS\System32\dvdplay.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
    O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe (file missing)

    Thanks again
     
  4. duka

    here is the ewido log and hjt


    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 13:14:11 19/07/2006

    + Scan result:



    HKU\S-1-5-21-1292428093-1682526488-1957994488-1003\Software\Microsoft\Installer\UpgradeCodes\EC46836854EDE044CBB334DB70F1E671\\15DC8F24B676B3D48B4565DA351AF820 -> Adware.CometCursor : Cleaned.
    C:\Installer2.exe -> Adware.Look2Me : Cleaned.
    C:\RECYCLER\NPROTECT\00003691.EXE -> Adware.Look2Me : Cleaned.
    C:\RECYCLER\NPROTECT\00003692.EXE -> Adware.Look2Me : Cleaned.
    C:\mmxxxxmas2.exe -> Adware.MediaMotor : Cleaned.
    C:\red.exe/mmxxxxmas2.exe -> Adware.MediaMotor : Error during cleaning.
    C:\Documents and Settings\User\Application Data\&#1029;&#1091;mantec\l&#959;gonui.exe -> Adware.PurityScan : Cleaned.
    C:\WINDOWS\system32\__delete_on_reboot__d_v_d_p_l_a_y_._d_l_l_ -> Adware.PurityScan : Cleaned.
    [1000] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1028] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1208] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1324] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1428] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1528] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1548] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1632] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1644] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1656] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1720] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1736] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1776] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [1848] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [2024] C:\Documents and Settings\User\Application Data\&#1029;&#1091;mantec\l&#959;gonui.exe -> Adware.PurityScan : Error during cleaning.
    [272] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [392] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [492] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [564] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [612] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [624] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [796] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    [836] C:\WINDOWS\System32\dvdplay.dll -> Adware.PurityScan : Error during cleaning.
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\7KL4HLAE\ff3[1] -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\system32\nnnno.dll -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\system32\urstt.dll -> Adware.Virtumonde : Cleaned.
    C:\WINDOWS\system32\TFTP2184 -> Backdoor.Rbot : Cleaned.
    C:\WINDOWS\system32\TFTP3076 -> Backdoor.Rbot : Cleaned.
    C:\WINDOWS\system32\cool.exe -> Backdoor.SdBot : Cleaned.
    C:\WINDOWS\Downloaded Program Files\3133372D2D2D.exe -> Downloader.Adload.ai : Cleaned.
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\3133372D2D2D.exe -> Downloader.Adload.az : Cleaned.
    C:\red.exe/vipza.exe -> Downloader.Adload.az : Error during cleaning.
    C:\RECYCLER\NPROTECT\00003690.exe -> Downloader.Adload.ca : Cleaned.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5B18HD3V\zo[1].exe/mmxxxxmas2.exe -> Downloader.VB.jl : Error during cleaning.
    C:\masterz.exe/mmxxxxmas2.exe -> Downloader.VB.jl : Error during cleaning.
    C:\WINDOWS\system32\TFTP2264 -> Heuristic.Win32.Morphine-Crypted : Cleaned.
    C:\WINDOWS\system32\TFTP3096 -> Heuristic.Win32.Morphine-Crypted : Cleaned.
    C:\WINDOWS\system32\TFTP3176 -> Heuristic.Win32.Morphine-Crypted : Cleaned.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5B18HD3V\zo[1].exe/themasterz.exe -> Hijacker.Small.hh : Error during cleaning.
    C:\masterz.exe/themasterz.exe -> Hijacker.Small.hh : Error during cleaning.
    C:\RECYCLER\NPROTECT\00003689.EXE -> Hijacker.VB.nh : Cleaned.
    C:\WINDOWS\Downloaded Program Files\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
    C:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\User\Cookies\[email protected][2].txt -> TrackingCookie.Kmpads : Cleaned.
    C:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\User\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Program Files\Common Files\A&#1088;pPatch\alg.exe -> Trojan.PurityAd : Cleaned.
    [1976] C:\PROGRA~1\COMMON~1\APPATC~1\alg.exe -> Trojan.PurityAd : Error during cleaning.


    ::Report end



    Logfile of HijackThis v1.99.1
    Scan saved at 13:32:20, on 19/07/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\User\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.eircom.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by eircom net.
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
    O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [rmkk] C:\Program Files\Common Files\rmkk\rmkkm.exe
    O4 - HKCU\..\Run: [Caap] "C:\PROGRA~1\COMMON~1\APPATC~1\alg.exe" -vt yazr
    O4 - HKCU\..\Run: [Uwrezd] C:\Documents and Settings\User\Application Data\??mantec\l?gonui.exe
    O4 - HKCU\..\Run: [VCS Host] vcshost.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYIE
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.eircom.net
    O20 - AppInit_DLLs: repairs303169581.dll C:\WINDOWS\System32\dvdplay.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
    O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe (file missing)

    Thank you
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    ==========
    Look in your Control Panel under Add/Remove programs for the following:

    PuritySCAN By OIN,
    Snowballwars by OIN,
    OuterInfo or anything similar ,

    If found, click on it and click remove.

    If not listed, download and run this uninstaller:

    http://www.outerinfo.com/OiUninstaller.exe
    ===========================
    DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend
    using the Duplicates files button
    as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries
    ======================
    Run Ewido in safe mode
    ===========
    You may want to print this or save it to notepad as we will go to safe mode.

    Add remove programs – remove if present - SurfSideKick 3 - Webhancer

    Fix these with HJT – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe

    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

    O4 - HKCU\..\Run: [rmkk] C:\Program Files\Common Files\rmkk\rmkkm.exe

    O4 - HKCU\..\Run: [Caap] "C:\PROGRA~1\COMMON~1\APPATC~1\alg.exe" -vt yazr

    O4 - HKCU\..\Run: [Uwrezd] C:\Documents and Settings\User\Application Data\??mantec\l?gonui.exe

    O4 - HKCU\..\Run: [VCS Host] vcshost.exe

    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

    O20 - AppInit_DLLs: repairs303169581.dll C:\WINDOWS\System32\dvdplay.dll

    O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)

    O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\smss.exe (file missing)

    O23 - Service: tsecure - Unknown owner - C:\WINDOWS\tsecure.exe (file missing)
    =============================

    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find this exact name

    NT login service

    Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.

    Repeat for - Windows NT Session Manager - and - tsecure

    =================
    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\SurfSideKick 3
    C:\WINDOWS\System32\syslog32.exe
    C:\Program Files\webHancer
    C:\Program Files\Common Files\rmkk
    C:\PROGRA~1\COMMON~1\APPATC~1
    C:\Documents and Settings\User\Application Data\??mantec
    C:\WINDOWS\System32\vcshost.exe
    C:\WINDOWS\System32\repairs303169581.dll
    C:\WINDOWS\System32\dvdplay.dll
    C:\windows\system32\gebxywx.dll
    C:\WINDOWS\system32\ttsru.ini
    C:\WINDOWS\system32\ttsru.bak1
    C:\WINDOWS\system32\urstt.dll


    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot

    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
      o Sweep Memory
      o Sweep Registry
      o Sweep Cookies
      o Sweep All User Accounts
      o Enable Direct Disk Sweeping
      o Sweep Contents of Compressed Files
      o Sweep for Rootkits

      o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.


    Please give feedback on what worked/didn’t work and the current status of your system
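
A sketch of the kind of triage behind the list of HijackThis entries to fix in the post above, as an added example that is not part of the thread. The rules, the reason labels and the `SYSTEM32_ONLY` list are assumptions of this example, not MFDnNC's stated criteria; the sample lines are an excerpt of the log posted earlier in the thread.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in this thread (sample input, not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Caap] "C:\PROGRA~1\COMMON~1\APPATC~1\alg.exe" -vt yazr
O4 - HKCU\..\Run: [Uwrezd] C:\Documents and Settings\User\Application Data\??mantec\l?gonui.exe
O20 - AppInit_DLLs: repairs303169581.dll C:\WINDOWS\System32\dvdplay.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Windows NT Session Manager (SMSS) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
"""

# Assumption of this example: binaries that live only in %SystemRoot%\System32 on Windows XP.
SYSTEM32_ONLY = {"smss.exe", "alg.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "svchost.exe", "csrss.exe", "logonui.exe"}

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
BINARY_RE = re.compile(r'"?(.+?\.(?:exe|dll))', re.IGNORECASE)


def first_binary(text):
    """Return the first .exe/.dll reference in a command, without quotes or arguments."""
    match = BINARY_RE.search(text)
    return match.group(1) if match else text.strip()


def check_binary(path):
    """Return the reasons a binary reference looks out of place (empty list if none)."""
    reasons = []
    if "\\" not in path:
        # Resolved through the search path, so the log does not say which file runs.
        reasons.append("bare-filename")
    if "?" in path or any(ord(ch) > 127 for ch in path):
        # HijackThis prints characters it cannot render as '?'; look-alike letters hide here.
        reasons.append("non-ascii-path")
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in SYSTEM32_ONLY and folder and not folder.endswith("\\system32"):
        reasons.append("system-name-outside-system32")
    return reasons


def triage(log_text):
    """Return (code, entry, reasons) for every log line that trips at least one rule."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, rest = match.groups()
        reasons = []
        if code == "O4":
            # Autorun entry: "[value name] command line".
            command = rest.split("] ", 1)[-1]
            reasons += check_binary(first_binary(command))
        elif code == "O20":
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            if rest.split(":", 1)[-1].strip():
                reasons.append("appinit-dll")
        elif code == "O23":
            # Service entry: "Service: display (name) - owner - image path".
            parts = rest.rsplit(" - ", 2)
            if len(parts) == 3:
                _, owner, target = parts
                if owner == "Unknown owner":
                    reasons.append("unknown-owner")
                if "(file missing)" in target:
                    reasons.append("file-missing")
                reasons += check_binary(first_binary(target))
        elif code == "R3":
            # Search hook whose handler is gone: a leftover registry value.
            if "(no file)" in rest or "(file missing)" in rest:
                reasons.append("orphaned-hook")
        if reasons:
            findings.append((code, rest, reasons))
    return findings


if __name__ == "__main__":
    for code, entry, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {', '.join(reasons)}\n    {entry}")
```

A flagged line is a prompt to look closer, not a verdict: an entry such as `[eTrust PestPatrol Active Protection] none` from the same log also trips the bare-filename rule and still needs a human decision.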
     
  6. duka

    Hello,
    great news, the computer seems to be working fine. I put extra memory in as it was still slow. The only annoying thing that happens when booting up is a message saying there is no floppy in drive A, looking for explorer.exe, so I just cancel. Any advice on that one? But here are the logs you asked for.


    07:19 : |··· Start of Session, Monday, 17 July 2006 ···|
    07:19 : Spy Sweeper 3.0.0 (Build 113) started
    07:20 : Updating spyware definitions
    07:20 : Your definitions are up to date.
    07:22 : Updating spyware definitions
    07:22 : Your definitions are up to date.
    07:23 : Sweep initiated using definitions version 365
    07:23 : Sweeping memory for active spyware.
    07:24 : Memory sweep has completed. Elapsed time 00:00:51
    07:24 : Registry sweep initiated.
    07:24 : Found: 1 Roings Search Enhancment registry traces.
    07:24 : Found: 1 SmartTags registry traces.
    07:24 : Registry sweep completed. Elapsed time 00:01:03
    07:24 : Full sweep on all local drives initiated.
    07:24 : Now sweeping drive C:
    07:57 : Found Adware: Webhancer, version 1, c:\windows\temp\old35.tmp
    07:57 : Found: 1 file traces.
    07:57 : Full Sweep has completed. Elapsed time 00:33:52
    50,855 files swept
    3 spyware traces located
    07:58 : Removal process initiated
    07:58 : Quarantining: Roings Search Enhancment
    07:58 : Registry: HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks||_{cfbfae00-17a6-11d0-99cb-00c04fd64497}
    07:58 : Quarantining: SmartTags
    07:58 : Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders||c:\program files\common files\microsoft shared\smart tag\lists\
    07:58 : Quarantining: Webhancer
    07:58 : File: c:\windows\temp\old35.tmp
    07:58 : Cleaning Traces
    07:58 : Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders|| (c:\program files\common files\microsoft shared\smart tag\lists\)
    07:58 : Removing registry: HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks|| (_{cfbfae00-17a6-11d0-99cb-00c04fd64497})
    07:58 : Removing file: c:\windows\temp\old35.tmp
    07:58 : Removal process completed. Elapsed time 00:00:09
    3 items (3 traces) quarantined.
    07:58 : |··· End of Session, Monday, 17 July 2006 ···|
    01:20 : |··· Start of Session, Thursday, 20 July 2006 ···|
    01:20 : Spy Sweeper 3.0.0 (Build 113) started
    01:22 : Processing Startup Alerts
    01:22 : Removed Startup entry: ImageSync
    01:22 : Processing Startup Alerts
    01:22 : Removed Startup entry: webHancer Survey Companion
    01:22 : Removed Startup entry: SurfSideKick 3
    01:22 : Processing Startup Alerts
    01:22 : Removed Startup entry: SurfSideKick 3
    01:23 : Processing Startup Alerts
    01:23 : Removed Startup entry: VCS Host
    01:23 : Processing Startup Alerts
    01:23 : Removed Startup entry: rmkk
    01:24 : Updating spyware definitions
    01:24 : Your definitions are up to date.
    01:25 : Sweep initiated using definitions version 365
    01:25 : Sweeping memory for active spyware.
    01:25 : Memory sweep has completed. Elapsed time 00:00:11
    01:25 : Registry sweep initiated.
    01:25 : Registry sweep completed. Elapsed time 00:00:21
    01:25 : Full sweep on all local drives initiated.
    01:25 : Now sweeping drive C:
    01:26 : Found Cookie: 2o7.net Cookie, version 1, c:\documents and settings\user\cookies\[email protected][1].txt
    01:35 : Sweep Canceled
    01:35 : Found: 1 file traces.
    01:35 : Full Sweep has completed. Elapsed time 00:10:27
    16,465 files swept
    1 spyware traces located
    01:35 : Removal process initiated
    01:35 : Quarantining: 2o7.net Cookie
    01:35 : Cookie: c:\documents and settings\user\cookies\[email protected][1].txt
    01:35 : Cleaning Traces
    01:35 : Removing file: c:\documents and settings\user\cookies\[email protected][1].txt
    01:35 : Removal process completed. Elapsed time 00:00:00
    1 items (1 traces) quarantined.
    01:36 : |··· End of Session, Thursday, 20 July 2006 ···|
    06:34 : |··· Start of Session, Thursday, 20 July 2006 ···|
    06:34 : Spy Sweeper 3.0.0 (Build 113) started
    06:35 : Processing Startup Alerts
    06:35 : Removed Startup entry: DriveWiz
    06:35 : Updating spyware definitions
    06:35 : Your definitions are up to date.
    06:36 : Sweep initiated using definitions version 365
    06:36 : Sweeping memory for active spyware.
    06:37 : Memory sweep has completed. Elapsed time 00:00:37
    06:37 : Registry sweep initiated.
    06:37 : Registry sweep completed. Elapsed time 00:00:49
    06:37 : Full sweep on all local drives initiated.
    06:37 : Now sweeping drive C:
    06:57 : Found: 0 file traces.
    06:57 : Full Sweep has completed. Elapsed time 00:20:46
    48,777 files swept
    0 spyware traces located
    06:58 : |··· End of Session, Thursday, 20 July 2006 ···|
    10:40 : |··· Start of Session, Thursday, 20 July 2006 ···|
    10:40 : Spy Sweeper 3.0.0 (Build 113) started
    10:40 : Processing Startup Alerts
    10:40 : Removed Startup entry: eTrust PestPatrol Active Protection
    10:41 : Sweep initiated using definitions version 365
    10:41 : Sweeping memory for active spyware.
    10:41 : Memory sweep has completed. Elapsed time 00:00:11
    10:41 : Registry sweep initiated.
    10:41 : Registry sweep completed. Elapsed time 00:00:20
    10:41 : Full sweep on all local drives initiated.
    10:41 : Now sweeping drive C:
    10:42 : Found Cookie: 2o7.net Cookie, version 1, c:\documents and settings\user\cookies\[email protected][1].txt
    11:05 : Found: 1 file traces.
    11:05 : Full Sweep has completed. Elapsed time 00:24:28
    48,846 files swept
    1 spyware traces located
    11:05 : Removal process initiated
    11:05 : Quarantining: 2o7.net Cookie
    11:05 : Cookie: c:\documents and settings\user\cookies\[email protected][1].txt
    11:05 : Cleaning Traces
    11:05 : Removing file: c:\documents and settings\user\cookies\[email protected][1].txt
    11:05 : Removal process completed. Elapsed time 00:00:00
    1 items (1 traces) quarantined.




    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\User\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.eircom.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by eircom net.
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYIE
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.eircom.net
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe

    Thank you
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  8. duka

    duka Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    98
    service pack 1 installed

    ready to go
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Post a new hijack log
     
  10. duka

    duka Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    98
    Here is the hjt log thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 19:38:30, on 21/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\User\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.eircom.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by eircom net.
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYIE
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.eircom.net
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Glad you got SP1, otherwise you would continue to get infected

    Fix this with hijack

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxdm119YYIE

    Clean - If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?

    Restore points
    Turn off restore points, boot, turn them back on – here’s how

    XP
    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
    ===========================

    Now get the rest of the critical updates from MS
     
  12. duka

    duka Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    98
    Everything seems to be working fine except the annoying pop-up on the welcome screen asking for a floppy in drive A (cancel, try again, continue), looking for explorer exe. I also have SP2 on disc; would you recommend installing that as well?

    thanks
     
  13. duka

    duka Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    98
    May have spoken too soon. What has just started to happen is that when I have been online and I close down to the desktop, all the icons have gone; I can only shut down and restart with task manager to get my icons back.

    Thanks
     
  14. duka

    duka Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    98
    Just in case, here is the latest hjt log

    Logfile of HijackThis v1.99.1
    Scan saved at 12:35:27, on 22/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\User\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.eircom.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by eircom net.
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\popuppro.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.eircom.net
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe

    Thanks
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Yes load up SP2 - Log is fine
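
Added example (not part of the original thread or of HijackThis): a small Python check that diffs two HijackThis logs to confirm a requested fix took effect, run on excerpts of the 21/07/2006 and 22/07/2006 logs posted above. The function and constant names are this example's own.

```python
import re

# A HijackThis entry line is "<section> - <detail>", e.g. "O8 - Extra context menu item: ...".
ENTRY = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")

# Excerpts of the two logs posted in this thread (not the full logs).
LOG_21_JULY = r"""
Logfile of HijackThis v1.99.1
Scan saved at 19:38:30, on 21/07/2006
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYIE
"""
LOG_22_JULY = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:35:27, on 22/07/2006
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
"""

def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def diff_logs(before, after):
    """Entries removed and entries added between two scans, sorted for stable output."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def remote_context_menu_items(log_text):
    """O8 entries whose handler is an http(s) URL rather than a local res:// resource."""
    return sorted(d for s, d in parse_entries(log_text)
                  if s == "O8" and re.search(r" - https?://", d, re.I))

if __name__ == "__main__":
    removed, added = diff_logs(LOG_21_JULY, LOG_22_JULY)
    for section, detail in removed:
        print("removed:", section, "-", detail)
    for section, detail in added:
        print("added:  ", section, "-", detail)
    print("remote O8 items left:", remote_context_menu_items(LOG_22_JULY))
```
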
     
Short URL to this thread: https://techguy.org/484020
