
Solved: Remove Exploit.HTML.Mht

Discussion in 'Virus & Other Malware Removal' started by jspinolo, Oct 24, 2005.

Thread Status:
Not open for further replies.
  1. jspinolo

    jspinolo Thread Starter

    Joined:
    Oct 24, 2005
    Messages:
    14
    Somehow it got in despite AVG. Identified by Kaspersky scan, cannot remove it. Kaspersky also found a suspicious thing, did not identify it.
    Please help! :confused:
     
  2. D_Trojanator

    D_Trojanator Malware Specialist

    Joined:
    May 13, 2005
    Messages:
    4,699
    Hi, my name is David.

    Click here to download HJTsetup.exe
    Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. jspinolo

    jspinolo Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 8:58:30 AM, on 10/24/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=
    O2 - BHO: P3PObject Class - {00000178-CD4A-447a-BCF9-6FD0096B5527} - C:\PROGRA~1\PRIVAC~1\P3PCLI~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094174456500
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O18 - Protocol: bw+0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  4. jspinolo

    jspinolo Thread Starter

    Thanks David!
     
  5. D_Trojanator

    D_Trojanator Malware Specialist

    Please do both of the following before we start if possible!:

    1) Please print off these instructions - they will be needed later when internet access is not available.
    2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

    There is a bit to do on the log - I can almost guarantee ewido will remove something - it's also a good free tool to keep in your arsenal! :)

    Please download ewido security suite; it is a free version of the program.
    1. Install ewido security suite
    2. When installing, under "Additional Options" uncheck:
      • Install background guard
      • Install scan via context menu
    3. Launch ewido, there should be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    6. You will need to update ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display "Update successful")
    If you are having problems with the updater, you can use this link to manually update ewido.
    ewido manual updates

    Once the updates are installed do the following:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will be prompted to clean the first infection.
    • Select "Perform action on all infections", then proceed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.
    Close ewido security suite.

    Post a new HJT log and the ewido log at the end! :)
    David
     
  6. D_Trojanator

    D_Trojanator Malware Specialist

    Also uninstall Logitech Desktop Messenger from add/remove
    David
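
    Added example (not part of the original thread and not a HijackThis feature): a short Python script that parses the coded lines of two HijackThis logs and lists which entries disappeared or appeared between scans, one way to confirm that the Logitech Desktop Messenger uninstall requested above took effect. The log excerpts are copied from the two scans posted in this thread; the function names are hypothetical.

```python
import re
from collections import Counter

# A coded HijackThis line looks like "<section> - <body>",
# e.g. "O4 - HKCU\..\Run: [LDM] C:\...\LogitechDesktopMessenger.exe".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return [(section, body), ...] for every coded line.

    The log header and the 'Running processes' list carry no section
    code, so they are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_scans(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


def collapse_repeats(entries):
    """Group entries by section and final ' - ' field (the file path on
    O2/O3/O18/O23 lines) so long runs that point at one DLL read as a
    single row with a count."""
    counts = Counter()
    for section, body in entries:
        target = body.rsplit(" - ", 1)[-1]
        counts[(section, target)] += 1
    return [(s, t, n) for (s, t), n in counts.items()]


# Excerpt of the O4 lines from the first scan in this thread (8:58:30 AM).
BEFORE_O4 = r"""
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
"""

# The same O4 lines as they appear in the second scan (9:03:59 PM).
AFTER_O4 = r"""
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
"""

# Three of the O18 lines from the first scan.
O18_EXCERPT = r"""
O18 - Protocol: bw+0 - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {31F0EBEB-AF01-45EC-910E-2F819083EC79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
"""

if __name__ == "__main__":
    removed, added = diff_scans(BEFORE_O4, AFTER_O4)
    for section, body in removed:
        print("removed:", section, "-", body)
    for section, body in added:
        print("added:  ", section, "-", body)
    for section, target, n in collapse_repeats(parse_entries(O18_EXCERPT)):
        print(f"{section} x{n}: {target}")
```

    To compare full logs, save each pasted log to a text file and pass the file contents to diff_scans in place of the excerpts.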
     
  7. jspinolo

    jspinolo Thread Starter

    Hi David,

    So far so good. Tell me, should I rate you step by step, or at the end of the process?

    Anyway, here is the HJT new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:03:59 PM, on 10/24/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\AutoSizer\AutoSizer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=
    O2 - BHO: P3PObject Class - {00000178-CD4A-447a-BCF9-6FD0096B5527} - C:\PROGRA~1\PRIVAC~1\P3PCLI~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094174456500
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  8. jspinolo

    jspinolo Thread Starter

    Joined:
    Oct 24, 2005
    Messages:
    14
    And here is the ewido report:

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 9:02:40 PM, 10/24/2005
    + Report-Checksum: 4FC5FF70

    + Scan result:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe02a.dll\\.Owner -> Spyware.SideStep : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe02a.dll\\{640B39C1-D713-464F-92C3-75BD972B95EE} -> Spyware.SideStep : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\njj97xrf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Jorge\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Jorge\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Jorge\Local Settings\Temporary Internet Files\Content.IE5\ZMSTI3NY\mm[1].js -> Spyware.Chitika : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.137:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.144:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.147:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.148:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.164:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.166:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.167:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.169:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.170:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.185:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
    :mozilla.186:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.187:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.188:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.189:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.216:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.217:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.218:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.219:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.220:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.238:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
    :mozilla.242:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.251:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.252:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.253:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.254:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.255:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.256:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.273:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.296:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.297:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.298:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.299:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.300:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.301:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.302:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.303:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.304:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.308:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.317:C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\9xgt9b9u.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Adviva : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\WINDOWS\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
     
  9. D_Trojanator

    D_Trojanator Malware Specialist

    Joined:
    May 13, 2005
    Messages:
    4,699
    With IE closed, run Hijack This again.
    Put a checkmark on these entries and hit "fix checked":

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    F2 - REG:system.ini: Shell=

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab


    Please Navigate to the C:\Windows\Temp folder.
    Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. (if you cannot delete some items it's fine!)

    Then go to Start > Run and type %temp% in the Run box.
    The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.
    _______________

    Reboot and post new log
    Also, what is picking up the Exploit.HTML.Mht? Does it give you a pathname?

    David :)
    p.s. you can rate at the end if you like! :)
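
A triage aid for HijackThis logs like the ones in this thread, added here as an example; it is not part of the original posts or of HijackThis itself. It parses the entry lines and surfaces, for manual review, those whose value is empty or whose target file is missing, which covers only some of the entries selected above. The function names and flagging rules are assumptions; the sample lines are assembled from entries posted in this thread.

```python
import re

# Sample assembled from HijackThis entry lines posted in this thread.
SAMPLE_LOG = r"""
Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: APC UPS Status.lnk = ?
"""

# An entry line is a section code (R0, F2, O4, O16, O23 ...) followed by " - ".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")


def parse_entries(text):
    """Return (section, body) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).rstrip()))
    return entries


def review_reason(section, body):
    """Return why an entry deserves a manual look, or None if no rule matches."""
    if body.endswith("(no file)"):
        return "registered component has no file on disk"
    if body.endswith("(file missing)"):
        return "referenced file is missing"
    if section[0] in "RF" and body.endswith("="):
        return "registry or ini value is empty"
    if body.endswith("= ?"):
        return "shortcut target is shown as '?'"
    return None


def flag_for_review(text):
    """Return (section, reason, body) for every entry that matches a rule."""
    flagged = []
    for section, body in parse_entries(text):
        reason = review_reason(section, body)
        if reason:
            flagged.append((section, reason, body))
    return flagged


if __name__ == "__main__":
    for section, reason, body in flag_for_review(SAMPLE_LOG):
        print(f"{section:4} {reason}: {body}")
```

A flagged line is a prompt to look closer, not a verdict: an entry can be left over from an uninstalled program and be harmless.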
     
  10. jspinolo

    jspinolo Thread Starter

    Joined:
    Oct 24, 2005
    Messages:
    14
    David, when I try to fix checked options in HiJack This my spyware program gives me this warning:

    The Internet Explorer URL for your IE Urls is attempting to be changed from to C:\WINDOWS\SYSTEM32\blank.htm.

    Advice: Since it is not known if this is spyware you should analyze it before deciding to allow it.

    Do I check allow or block?
     
  11. D_Trojanator

    D_Trojanator Malware Specialist

    Joined:
    May 13, 2005
    Messages:
    4,699
    Allow it then set your homepage to www.google.com or something like that........
    David
     
  12. jspinolo

    jspinolo Thread Starter

    Joined:
    Oct 24, 2005
    Messages:
    14
    Hi again David,

    The virus was detected by the Kaspersky virus scanner online, but I did not keep their report. I can run it again if that helps. Here is the new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:35:56 PM, on 10/25/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: P3PObject Class - {00000178-CD4A-447a-BCF9-6FD0096B5527} - C:\PROGRA~1\PRIVAC~1\P3PCLI~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe"
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094174456500
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  13. D_Trojanator

    D_Trojanator Malware Specialist

    Joined:
    May 13, 2005
    Messages:
    4,699
    Clean Log!!
    How's everything running? (y) or (n) ?

    Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer, turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

    How's everything running? (y) or (n) ?
     
  14. jspinolo

    jspinolo Thread Starter

    Joined:
    Oct 24, 2005
    Messages:
    14
    David, everything is (y) (y) (y) (y) (y)

    You are rated OUTSTANDING in terms of promptitude, accuracy, and clarity.

    Jorge
     
  15. D_Trojanator

    D_Trojanator Malware Specialist

    Joined:
    May 13, 2005
    Messages:
    4,699
    Thanks very much! :)

    As the problem in this thread seems to have been fixed, we ask you to mark this thread as solved!

    To do this please click on the "thread tools" button in the top right hand corner and click on "solved"

    David
     

Short URL to this thread: https://techguy.org/410639
