Windows explorer hangs while filebrowsing

Discussion in 'Virus & Other Malware Removal' started by efekz, Aug 4, 2006.

  1. efekz

    efekz Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    23
    Well...

    I've been searching every forum and tried almost everything now to fix this problem. I dunno when it started but I think it's been getting gradually worse since spring. Once in a while Windows Explorer hangs...no big deal. I just shut it down...toolbar goes away and comes back and everything is normal. Well, that used to happen. Now I can only browse for a minute or less and it hangs. When I shut it down using Task Manager, as usual the toolbar disappears, but doesn't come back. I start Task Manager again...and explorer.exe is up and running but with no toolbar.

    I've tried updating but Microsoft says my copy of Windows is illegal (even though I know it is legal).

    I've checked for viruses, adware and spyware. There are none...(and still when there were some, removing them didn't help)

    Well I'm tired of not being able to browse my files. My desktop is loaded with shortcuts. I'm running XP if that's of any help.

    As u c I don't get any error message..it just hangs. Not because of some corrupt .avi or .mp3 ... it just hangs. When explorer hangs and the toolbar disappears I'm still able to use the programs that are already open. Right now I have a blank desktop with Norton running.

    I'm thinking the problem might be an svchost.exe problem since this file is the one controlling all the .dll services. So after shutting down explorer...svchost refuses it to start? and any other program?....I don't know..just a theory

    I'm Norwegian so sorry for my bad English, but please help...
     
  2. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    On the legal thing that Microsoft has with your operating system, the only way to clear this up is to contact Microsoft and get this fixed thru them, there have been a lot of computers sold thru some retailers that are illegal operating systems and the only way to fix this is to talk to Microsoft.

    Microsoft did introduce a program where they would replace a pirated copy of XP if it was unknowingly acquired and you will find the details of that offer at this link. I think the best thing for the member to do is to contact Microsoft and they may be able to help the member out.

    http://www.microsoft.com/presspass/press/2005/jul05/07-25WGA1PR.mspx

    Now about your explorer problem, are there any error messages that you get? And it does not mean that only for explorer, I am looking for any before it hangs.

    Also to find out if it is an infection I would like you to follow the instructions below and run a HijackThis.

    To download HijackThis (HJTsetup.exe), go to the following: http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
    Filename = 1137518044HJTsetup.exe
    Save the file to your desktop.
    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\HijackThis.
    Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialog box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    At the top of the Notepad HJT log screen, hit Edit then Select All, then click Edit and then click Copy. Doing that copies the text to the clipboard, you won't see it yet....
    Open a TechSupportGuy forum Reply window under Internet & Networking in Security for this thread, to have ready to paste the Hijackthis log into. Click once to place the typing cursor in the reply window.
    At the top of your TSG/browser window, hit Edit then Paste
    You should see your copied Hijackthis log appear in the reply space....then, submit the reply and copy and paste the link in the address bar back to the original thread you were in.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. efekz

    efekz Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    23
    ok i'll get this hjt log
     
  4. efekz

    efekz Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    23
    Hi...

    Here's my HJT log... original thread found here: http://forums.techguy.org/windows-nt-2000-xp/489352-windows-explorer-hangs-while-filebrowsing.html

    Logfile of HijackThis v1.99.1
    Scan saved at 18:02:24, on 04.08.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cusrvc.exe
    C:\Programfiler\Ahead\InCD\InCDsrv.exe
    C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programfiler\Novell\ZENworks\nalntsrv.exe
    C:\Norman\Bin\Zanda.exe
    C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
    C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Programfiler\UPHCLEAN\uphclean.exe
    c:\windows\system32\srvany.exe
    C:\Programfiler\Novell\ZENworks\wm.exe
    c:\programfiler\launch manager\wbutton.exe
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\nipsvc.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
    C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
    C:\Programfiler\Ahead\InCD\InCD.exe
    C:\Programfiler\Launch Manager\LaunchAp.exe
    C:\Programfiler\Launch Manager\HotkeyApp.exe
    C:\Programfiler\Launch Manager\CtrlVol.exe
    C:\WINDOWS\System32\dpmw32.exe
    C:\WINDOWS\system32\NWTRAY.EXE
    C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    C:\Programfiler\Launch Manager\WButton.exe
    C:\Programfiler\MSN Apps\Updater\01.02.0002.1001\no\msnappau.exe
    C:\Programfiler\Picasa2\PicasaMediaDetector.exe
    C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
    C:\Programfiler\Brother\ControlCenter2\brctrcen.exe
    C:\Norman\bin\ZLH.EXE
    C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
    D:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Programfiler\DAEMON Tools\daemon.exe
    C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    D:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Programfiler\Free Download Manager\fdm.exe
    C:\Programfiler\Sony Ericsson\Mobile\audevicemgr.exe
    C:\Programfiler\Mozilla Firefox\firefox.exe
    C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE
    C:\Metacafe\MetacafeAgent.exe
    C:\PROGRA~1\FELLES~1\Nokia\MPAPI\MPAPI3s.exe
    c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
    C:\Programfiler\OpenOffice.org1.1.3\program\soffice.exe
    C:\Programfiler\Webshots\webshots.scr
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\Programfiler\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyServer = 213.114.21.87:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = localhost; 10.17.33.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    Koblinger
    R3 - URLSearchHook: SweetIM For Internet Explorer -

    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} -

    C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
    O1 - Hosts: 158.36.142.10 HIBURS
    O1 - Hosts: 158.36.142.10 zenwsimport
    O1 - Hosts: 158.36.142.10 SRRS1
    O1 - Hosts: 158.36.142.11 SRRS2
    O1 - Hosts: 158.36.142.12 SRRS3
    O1 - Hosts: 158.36.142.10 HIBURS
    O1 - Hosts: 158.36.142.10 SRRS1
    O1 - Hosts: 158.36.142.11 SRRS2
    O1 - Hosts: 158.36.142.12 SRRS3
    O1 - Hosts: 158.36.142.10 zenwsimport
    O1 - Hosts: 158.36.31.10 kurs.hibu.no
    O1 - Hosts: 158.36.31.20 hone.hibu.no
    O1 - Hosts: 158.36.31.16 terminal.ring.hibu.no
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

    C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} -

    C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

    C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper -

    {9030D464-4C02-4ABF-8ECC-5164760863C6} -

    C:\Programfiler\Fellesfiler\Microsoft Shared\Windows

    Live\WindowsLiveLogin.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

    C:\Programfiler\MSN Apps\MSN Toolbar\01.02.2001.0001\no\msntb.dll
    O2 - BHO: ToolHelper - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} -

    C:\PROGRA~1\ADVANC~2\Toolbar.dll (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

    C:\Programfiler\MSN Apps\MSN Toolbar\01.02.2001.0001\no\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer -

    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} -

    C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched]

    C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Programfiler\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [HotkeyApp] C:\Programfiler\Launch Manager\HotkeyApp.exe
    O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\System32\zentray.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe]

    C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Wbutton] C:\Programfiler\Launch Manager\WButton.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Programfiler\MSN

    Apps\Updater\01.02.0002.1001\no\msnappau.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe

    /logon
    O4 - HKLM\..\Run: [Picasa Media Detector]

    C:\Programfiler\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft

    Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD]

    C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch]

    C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter2.0]

    C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [noWorrys] C:\Program

    Files\ParentPresent\NOworrys\NOWorrys.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [DataLayer]

    C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programfiler\Nokia\Nokia PC

    Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe"

    -lang 1033
    O4 - HKLM\..\Run: [SpySweeper] "C:\Programfiler\Webroot\Spy

    Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [UDXagain] C:\Programfiler\DirectX Happy Uninstall\Udx.exe

    /ntauto
    O4 - HKLM\..\Run: [SetupDX90c] C:\Programfiler\DirectX Happy

    Uninstall\Udx.exe /setupdx90c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RssReader] C:\Programfiler\RssReader\RssReader.exe
    O4 - HKCU\..\Run: [AutoUpdate] C:\Programfiler\Serials3k\s3k_autoupdate.exe
    O4 - HKCU\..\Run: [Orooni Messenger] C:\Program Files\Orooni\Orooni

    Messenger\oimessenger.exe /minimized
    O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash

    /minimized
    O4 - HKCU\..\Run: [PcSync] D:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe

    /NoDialog
    O4 - HKCU\..\Run: [pro] C:\winstall.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Programfiler\Free Download

    Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
    O4 - Startup: OpenOffice.org 1.1.3.lnk =

    C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe
    O4 - Startup: Adobe Gamma.lnk =

    C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: Webshots.lnk = C:\Programfiler\Webshots\Launcher.exe
    O4 - Startup: MetaCafe.lnk = C:\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = ?
    O4 - Global Startup: Status Monitor.lnk =

    C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk =

    C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk =

    C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MetaCafe.lnk = C:\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Programfiler\Webroot\Spy

    Sweeper\SpySweeperFix.bat
    O8 - Extra context menu item: Download all with Free Download Manager -

    file://C:\Programfiler\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager -

    file://C:\Programfiler\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager -

    file://C:\Programfiler\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager -

    file://C:\Programfiler\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Novell delivered applications -

    {C1994287-422F-47aa-8E5E-6323E210A125} -

    C:\Programfiler\Novell\ZENworks\AxNalServer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader -

    http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) -

    http://site.ebrary.com/support/plugins/ebraryRdr.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

    http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb

    _site.cab?1152362856661
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient

    Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

    (MsnMessengerSetupDownloadControl Class) -

    http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

    http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) -

    http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ROYSE.MSFT
    O17 - HKLM\Software\..\Telephony: DomainName = ROYSE.MSFT
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ROYSE.MSFT
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

    C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems -

    C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd

    - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. -

    C:\WINDOWS\System32\cusrvc.exe
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service

    (Fswsclds) - F-Secure Corporation - C:\Programfiler\F-Secure

    Anti-Virus\fswsclds.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software -

    C:\Programfiler\Ahead\InCD\InCDsrv.exe
    O23 - Service: Protected Exchange (MainService) - Unknown owner -

    C:\WINDOWS\system32\nprotect.exe (file missing)
    O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. -

    C:\Programfiler\Novell\ZENworks\nalntsrv.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner -

    C:\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner -

    C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
    O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe

    (file missing)
    O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe

    (file missing)
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA

    - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data

    Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN

    Status Agent) - Novell Inc. -

    C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Novell ZfD Remote Management (Remote Management Agent) -

    Novell Inc. -

    C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) -

    Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f

    "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation

    - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software,

    Inc. - C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WirelessButton - Unknown owner -

    c:\windows\system32\srvany.exe
    O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. -

    C:\Programfiler\Novell\ZENworks\wm.exe

    Hope this makes sense to someone

    thnx
     
  5. efekz

    efekz Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    23
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You need to go here and install "Service Pack 1". This will patch numerous security holes in IE and Windows. As your machine stands now it is wide open to attack from all sorts of nasties. You need to get these updates before we proceed or we will be wasting our time.

    DO NOT install Service pack 2 yet. If you install SP 2 on an infected machine it will cause serious problems. Just get Service Pack 1 installed. After you get SP1 installed, restart your computer. Come back here and post the new Hijack This log.
     
  7. efekz

    efekz Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    23
    Well SP2 is already installed, but I think this got installed when I first got the comp 2 years ago. Should I uninstall SP2 first?
     
  8. efekz

    efekz Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    23
    Ok...while trying to install SP1 I got an error that said atapi.sys is already in use by another program. Shut down all other applications and press try again. (freely translated from Norwegian). While shutting down some of the programs that were running I got this error (again freely translated):

    "Generic Host Process for Win32 Services has encountered a problem and has to be shut down. We're sorry for the inconvenience."

    I haven't closed it yet fearing that my comp will shut down or that I might not be able to start any programs
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    IE is SP2 but windows does not show any patches.

    Download Ewido anti-spyware from HERE and save that file to your desktop.

    This is a 30 day trial of the program
    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run ewido and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
    2. Launch ewido anti-spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.


    Post a new HijackThis log with wordwrap unchecked and the log from Ewido.
     
  10. efekz

    efekz Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    23
    Ok...I'm confused...first install SP1 and then run this virus check. Or the other way around?

    I'm gonna restart my comp now since this generic host thingy is down.

    Thnx for all the help so far
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run Ewido first ...
     
  12. efekz

    efekz Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    23
    Well, I'm back... I've run ewido in safe mode...

    After returning to normal mode I tried to install SP1...with no luck. Generic Host thingy shut down again. Now HijackThis won't start. I'll restart and try running it again.

    For now here's the ewido log...

    lol...i think i'll restart now. Notepad won't start.

    brb
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run another HJT log so I can actually read it, ok? ;)
    Turn off word wrap
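
Why the word-wrapped log is hard to read, as an added example that is not part of the original thread: each HijackThis entry starts with a section code (`R1 - `, `O4 - `, `O23 - `), and the wrapped paste splits single entries over several lines. The sketch below rejoins them and pulls out the `(file missing)` entries; the function names are hypothetical and the sample is a short excerpt of the log posted above.

```python
import re
from collections import Counter

# A HijackThis entry line begins with its section code, e.g. "R1 - " or "O23 - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Excerpt of the wrapped log from this thread (entries only, no header).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost; 10.17.33.1
O2 - BHO: ToolHelper - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} -

C:\PROGRA~1\ADVANC~2\Toolbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [noWorrys] C:\Program

Files\ParentPresent\NOworrys\NOWorrys.exe
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe

(file missing)
"""


def unwrap(log_text):
    """Rejoin entries that a word-wrapped paste split across lines.

    Expects the entry part of the log only; text after the last entry
    would be treated as a continuation of it.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines were introduced by the paste
        if ENTRY.match(line):
            entries.append(line)
        elif entries:
            # Continuation of the previous entry. Joining with one space is
            # an assumption: word wrap breaks at whitespace, but a very long
            # token (a URL, say) may have been broken with no space at all.
            entries[-1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return entries


def section_counts(entries):
    """Count entries per HijackThis section code."""
    return Counter(ENTRY.match(e).group(1) for e in entries)


def missing_files(entries):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [e for e in entries if "(file missing)" in e]


if __name__ == "__main__":
    log = unwrap(SAMPLE)
    for code, n in sorted(section_counts(log).items()):
        print(f"{code:>4}: {n}")
    print("Entries pointing at missing files:")
    for e in missing_files(log):
        print("  " + e)
```

Without the rejoin step, the `(file missing)` marker on the O23 entry sits on its own line and cannot be tied to the service it describes.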
     
  14. efekz

    efekz Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    23
    I'm real sorry but I didn't find that word wrap thing...so I guess it's not turned off.

    Logfile of HijackThis v1.99.1
    Scan saved at 23:38:21, on 04.08.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\System32\cusrvc.exe
    C:\Programfiler\ewido anti-spyware 4.0\guard.exe
    C:\Programfiler\Ahead\InCD\InCDsrv.exe
    C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programfiler\Novell\ZENworks\nalntsrv.exe
    C:\Norman\Bin\Zanda.exe
    C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
    C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Programfiler\UPHCLEAN\uphclean.exe
    c:\windows\system32\srvany.exe
    C:\Programfiler\Novell\ZENworks\wm.exe
    c:\programfiler\launch manager\wbutton.exe
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\nipsvc.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
    C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
    C:\Programfiler\Ahead\InCD\InCD.exe
    C:\Programfiler\Launch Manager\LaunchAp.exe
    C:\Programfiler\Launch Manager\HotkeyApp.exe
    C:\Programfiler\Launch Manager\CtrlVol.exe
    C:\WINDOWS\System32\dpmw32.exe
    C:\WINDOWS\system32\NWTRAY.EXE
    C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    C:\Programfiler\Launch Manager\WButton.exe
    C:\Programfiler\MSN Apps\Updater\01.02.0002.1001\no\msnappau.exe
    C:\Programfiler\Picasa2\PicasaMediaDetector.exe
    C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
    C:\Programfiler\Brother\ControlCenter2\brctrcen.exe
    C:\Norman\bin\ZLH.EXE
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
    D:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Programfiler\Novell\ZENworks\WMRUNDLL.EXE
    C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE
    C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\Sony Ericsson\Mobile\audevicemgr.exe
    C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Metacafe\MetacafeAgent.exe
    c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
    C:\Programfiler\OpenOffice.org1.1.3\program\soffice.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\Programfiler\Brother\Brmfcmon\BrMfimon.exe
    C:\Programfiler\Mozilla Firefox\firefox.exe
    C:\Programfiler\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyServer = 213.114.21.87:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = localhost; 10.17.33.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    Koblinger
    R3 - URLSearchHook: SweetIM For Internet Explorer -

    {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} -

    C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
    O1 - Hosts: 158.36.142.10 HIBURS
    O1 - Hosts: 158.36.142.10 zenwsimport
    O1 - Hosts: 158.36.142.10 SRRS1
    O1 - Hosts: 158.36.142.11 SRRS2
    O1 - Hosts: 158.36.142.12 SRRS3
    O1 - Hosts: 158.36.142.10 HIBURS
    O1 - Hosts: 158.36.142.10 SRRS1
    O1 - Hosts: 158.36.142.11 SRRS2
    O1 - Hosts: 158.36.142.12 SRRS3
    O1 - Hosts: 158.36.142.10 zenwsimport
    O1 - Hosts: 158.36.31.10 kurs.hibu.no
    O1 - Hosts: 158.36.31.20 hone.hibu.no
    O1 - Hosts: 158.36.31.16 terminal.ring.hibu.no
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.2001.0001\no\msntb.dll
    O2 - BHO: ToolHelper - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~2\Toolbar.dll (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.2001.0001\no\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Programfiler\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [HotkeyApp] C:\Programfiler\Launch Manager\HotkeyApp.exe
    O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\System32\zentray.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programfiler\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Wbutton] C:\Programfiler\Launch Manager\WButton.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Programfiler\MSN Apps\Updater\01.02.0002.1001\no\msnappau.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programfiler\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [noWorrys] C:\Program Files\ParentPresent\NOworrys\NOWorrys.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [SpySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [UDXagain] C:\Programfiler\DirectX Happy Uninstall\Udx.exe /ntauto
    O4 - HKLM\..\Run: [SetupDX90c] C:\Programfiler\DirectX Happy Uninstall\Udx.exe /setupdx90c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RssReader] C:\Programfiler\RssReader\RssReader.exe
    O4 - HKCU\..\Run: [AutoUpdate] C:\Programfiler\Serials3k\s3k_autoupdate.exe
    O4 - HKCU\..\Run: [Orooni Messenger] C:\Program Files\Orooni\Orooni Messenger\oimessenger.exe /minimized
    O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] D:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [pro] C:\winstall.exe
    O4 - HKCU\..\Run: [Free Download Manager] C:\Programfiler\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [SweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
    O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: Webshots.lnk = C:\Programfiler\Webshots\Launcher.exe
    O4 - Startup: MetaCafe.lnk = C:\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = ?
    O4 - Global Startup: Status Monitor.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MetaCafe.lnk = C:\Metacafe\MetacafeAgent.exe
    O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Programfiler\Webroot\Spy Sweeper\SpySweeperFix.bat
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programfiler\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programfiler\Novell\ZENworks\AxNalServer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152362856661
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ROYSE.MSFT
    O17 - HKLM\Software\..\Telephony: DomainName = ROYSE.MSFT
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ROYSE.MSFT
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
    O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programfiler\F-Secure Anti-Virus\fswsclds.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programfiler\Ahead\InCD\InCDsrv.exe
    O23 - Service: Protected Exchange (MainService) - Unknown owner - C:\WINDOWS\system32\nprotect.exe (file missing)
    O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programfiler\Novell\ZENworks\nalntsrv.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
    O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent) - Novell Inc. - C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Novell ZfD Remote Management (Remote Management Agent) - Novell Inc. - C:\Programfiler\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WirelessButton - Unknown owner - c:\windows\system32\srvany.exe
    O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. - C:\Programfiler\Novell\ZENworks\wm.exe
     
  15. efekz

    efekz Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    23
    And the ewido log:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 22:50:57 04.08.2006

    + Scan result:



    HKU\S-1-5-21-1390067357-1580818891-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Cleaned with backup (quarantined).
    H:\Downloads\Lemonade Tycoon 2 New York City Edition + Serials.rar/Ultimate Demolition Derby [ PC auto bitorent ] by PeerAnia.com.zip/Ultimate Demolition Derby [ PC auto bitorent ] by PeerAnia.com.com -> Adware.Trymedia : Cleaned with backup (quarantined).
    H:\Downloads\Lemonade Tycoon 2 New York City Edition - Cracked FULL.rar/Civilization III Gold Edition [ auto -bitorent ] by PeerAnia.com.zip/Civilization III Gold Edition [ auto -bitorent ] by PeerAnia.com.com -> Adware.Trymedia : Cleaned with backup (quarantined).
    I:\Installs\Small games\TonkaMonsterTrucks-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
    H:\Downloads\World Of Warcraft Key Gen Beta + Account(1).rar/WoW Beta Crack.exe -> Backdoor.IrcContact.30 : Cleaned with backup (quarantined).
    H:\Downloads\World Of Warcraft Key Gen Beta + Account.rar/WoW Beta Crack.exe -> Backdoor.IrcContact.30 : Cleaned with backup (quarantined).
    H:\Downloads\World Of Warcraft Key Gen Beta + Account(1).rar/WoW Account.txt -> Dropper.Calimocho : Cleaned with backup (quarantined).
    H:\Downloads\World Of Warcraft Key Gen Beta + Account.rar/WoW Account.txt -> Dropper.Calimocho : Cleaned with backup (quarantined).
    I:\Games\Age of empires 2 Conquerors\Age of Empires 2 The Conquerors\Voodoo Trainer.exe -> Dropper.Small : Cleaned with backup (quarantined).
    I:\Installs\Big games\Age_of_Empires_2_The_Conquerors.rar/Age of Empires 2 The Conquerors\Voodoo Trainer.exe -> Dropper.Small : Cleaned with backup (quarantined).
    C:\Programfiler\eMule\Incoming\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Deutsch\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    C:\Programfiler\eMule\Incoming\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\English\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    C:\Programfiler\eMule\Incoming\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Español\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    C:\Programfiler\eMule\Incoming\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Français\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    C:\Programfiler\eMule\Incoming\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Italiano\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    C:\Programfiler\eMule\Incoming\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Nederlands\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    C:\Programfiler\eMule\Incoming\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Portugeses\Photos clara morgane, irina voronina, titia\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    C:\Programfiler\eMule\Incoming\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Portugeses\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    H:\Downloads\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Deutsch\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    H:\Downloads\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\English\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    H:\Downloads\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Español\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    H:\Downloads\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Français\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    H:\Downloads\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Italiano\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    H:\Downloads\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Nederlands\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    H:\Downloads\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Portugeses\Photos clara morgane, irina voronina, titia\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    H:\Downloads\CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN).rar/CRACK CIVILIZATION 4 (MULTILANGUAGE VERSION)(RUN)\Portugeses\trembler.exe/trembler.exe -> Not-A-Virus.BadJoke.Win32.Trembler : Cleaned with backup (quarantined).
    H:\Downloads\illegal_adv_uninstall.exe -> Not-A-Virus.Hoax.Win32.Renos.dv : Cleaned with backup (quarantined).
    H:\Downloads\uninstallers.zip/illegal_adv_uninstall.exe -> Not-A-Virus.Hoax.Win32.Renos.dv : Cleaned with backup (quarantined).
    :mozilla.189:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
    :mozilla.9:C:\Documents and Settings\Student\Lokale innstillinger\Temp\~DFF43A.tmp -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
    D:\UserData\Cookies\[email protected][1].txt -> TrackingCookie.Ivwbox : Cleaned with backup (quarantined).
    D:\UserData\Cookies\[email protected][2].txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
    D:\UserData\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
    :mozilla.117:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    :mozilla.550:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.551:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.552:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
    :mozilla.632:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.633:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.656:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    :mozilla.658:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.659:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.660:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.661:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.426:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.427:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.428:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.429:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.430:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    :mozilla.776:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.777:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.839:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
    :mozilla.788:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    :mozilla.560:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
    :mozilla.15:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.16:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.17:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.18:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.19:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.20:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.21:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.22:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.23:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.24:C:\Documents and Settings\Student\Programdata\Mozilla\Firefox\Profiles\b5lnuomi.default\cookies.txt ->
     

Short URL to this thread: https://techguy.org/489375
