Post by: maninneed on May 10, 2005, 01:26:26 PM
Thank You in advance
Logfile of HijackThis v1.99.1
Scan saved at 20:16:47, on 10.5.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Windows\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/ (http://\"http://www.fastweb.it/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it (http://\"http://www.fastweb.it\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fastweb.it/ (http://\"http://www.fastweb.it/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by FastWeb
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GPTCR2] C:\Windows\GPT
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {CC42FB49-697E-4392-A1AE-B945CD6B97C5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CC42FB49-697E-4392-A1AE-B945CD6B97C5} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...mputers_TSeries (http://\"https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.09.13&unknown&unknown&http://www.sonystyle.com/is-bin/INTERSHOP.enfinity/eCS/Store/en/-/USD/SY_DisplayProductInformation-Start?ProductSKU=VGNT250P%2fS&Dept=computers&CategoryName=cpu_VAIONotebookComputers_TSeries\")
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab (http://\"http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Post by: maninneed on May 10, 2005, 08:30:05 PM
please
thanks
Post by: guestolo on May 12, 2005, 12:19:16 AM
Not much time has passed, but could I have you post a fresh Hijackthis log
Also
Could you Download and UNZIP to a folder Get2.Zip from the attachment below, so you now have Get2.bat extracted to a folder
Doulble click on Get2.bat and a text file called Export2.txt will be produced
Copy and paste back Export2.txt also
Could you also
Do the following please
Download Find1.zip (http://\"http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=211\") and UNZIP it
Double click Find1.bat and copy and paste back the text file that opens
And one last request
Download and unzip to desktop Export.zip (http://\"http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=206\") so you now have Export.bat on the desktop
Double click on Export.bat and a new text file will appear on the desktop
Export.txt
Can you copy and paste that back here
Post by: raysdga on May 12, 2005, 12:30:12 AM
/laugh.gif\' class=\'bbc_emoticon\' alt=\':lol:\' /> Those free websites will kill your computer if you are not [color=\"purple\"]protected[/color] no pun intended /ohmy.gif\' class=\'bbc_emoticon\' alt=\':o\' />
Post by: maninneed on May 13, 2005, 06:34:10 AM
Logfile of HijackThis v1.99.1
Scan saved at 13:25:22, on 13.5.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Up2Date.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/ (http://\"http://www.fastweb.it/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it (http://\"http://www.fastweb.it\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fastweb.it/ (http://\"http://www.fastweb.it/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by FastWeb
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GPTCR2] C:\Windows\GPT
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {CC42FB49-697E-4392-A1AE-B945CD6B97C5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CC42FB49-697E-4392-A1AE-B945CD6B97C5} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...mputers_TSeries (http://\"https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.09.13&unknown&unknown&http://www.sonystyle.com/is-bin/INTERSHOP.enfinity/eCS/Store/en/-/USD/SY_DisplayProductInformation-Start?ProductSKU=VGNT250P%2fS&Dept=computers&CategoryName=cpu_VAIONotebookComputers_TSeries\")
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab (http://\"http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
then from get2 :
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"_NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktopChanges"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"WallpaperStyle"=dword:00000000
"NoDispBackgroundPage"=dword:00000001
"NoDispAppearancePage"=dword:00000001
"Wallpaper"="c:\\wp.bmp"
now find1:
Volume in drive C has no label.
Volume Serial Number is E027-3C3A
Directory of C:\WINDOWS\Resources\Themes
18.09.2001 22:45 <DIR> .
18.09.2001 22:45 <DIR> ..
11.05.2005 02:20 <DIR> Luna
18.08.2001 15:00 1.222 Luna.theme
18.08.2001 15:00 3.025 Windows Classic.theme
2 File(s) 4.247 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna
11.05.2005 02:20 <DIR> .
11.05.2005 02:20 <DIR> ..
04.08.2004 07:33 4.190.352 luna.msstyles
23.12.2002 02:52 <DIR> MUI
18.09.2001 22:45 <DIR> Shell
1 File(s) 4.190.352 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\MUI
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
23.12.2002 02:52 <DIR> 041a
23.12.2002 02:52 <DIR> 0424
0 File(s) 0 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\MUI\041a
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
04.03.2002 21:00 49.152 Luna.msstyles.mui
1 File(s) 49.152 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\MUI\0424
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
04.03.2002 21:00 49.152 Luna.msstyles.mui
1 File(s) 49.152 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell
18.09.2001 22:45 <DIR> .
18.09.2001 22:45 <DIR> ..
18.09.2001 22:45 <DIR> Homestead
18.09.2001 22:45 <DIR> Metallic
18.09.2001 22:45 <DIR> NormalColor
0 File(s) 0 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
18.09.2001 22:45 <DIR> .
18.09.2001 22:45 <DIR> ..
23.12.2002 02:52 <DIR> MUI
18.08.2001 15:00 362.496 shellstyle.dll
1 File(s) 362.496 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\MUI
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
23.12.2002 02:52 <DIR> 041a
23.12.2002 02:52 <DIR> 0424
0 File(s) 0 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\MUI\041a
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
04.03.2002 21:00 16.384 ShellStyle.dll.mui
1 File(s) 16.384 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead\MUI\0424
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
04.03.2002 21:00 8.192 ShellStyle.dll.mui
1 File(s) 8.192 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
18.09.2001 22:45 <DIR> .
18.09.2001 22:45 <DIR> ..
23.12.2002 02:52 <DIR> MUI
18.08.2001 15:00 362.496 shellstyle.dll
1 File(s) 362.496 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic\MUI
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
23.12.2002 02:52 <DIR> 041a
23.12.2002 02:52 <DIR> 0424
0 File(s) 0 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic\MUI\041a
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
04.03.2002 21:00 16.384 ShellStyle.dll.mui
1 File(s) 16.384 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic\MUI\0424
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
04.03.2002 21:00 8.192 ShellStyle.dll.mui
1 File(s) 8.192 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
18.09.2001 22:45 <DIR> .
18.09.2001 22:45 <DIR> ..
23.12.2002 02:52 <DIR> MUI
18.08.2001 15:00 361.472 shellstyle.dll
1 File(s) 361.472 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor\MUI
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
23.12.2002 02:52 <DIR> 041a
23.12.2002 02:52 <DIR> 0424
0 File(s) 0 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor\MUI\041a
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
04.03.2002 21:00 16.384 ShellStyle.dll.mui
1 File(s) 16.384 bytes
Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor\MUI\0424
23.12.2002 02:52 <DIR> .
23.12.2002 02:52 <DIR> ..
04.03.2002 21:00 8.192 ShellStyle.dll.mui
1 File(s) 8.192 bytes
Total Files Listed:
14 File(s) 5.453.095 bytes
53 Dir(s) 2.645.479.424 bytes free
and finally from export:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Themes"
"Group"="UIGroup"
"ObjectName"="LocalSystem"
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,74,00,65,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"Description"="Provides user experience theme management."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,68,00,73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceMain"="ThemeServiceMain"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Enum]
"0"="Root\\LEGACY_THEMES\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
that s all...hope to hear from you soon.
thanks
Post by: guestolo on May 13, 2005, 03:05:26 PM
This fix was developed by some Spyware fighters from another forum
I just altered it a bit
* Please download the Killbox by Option^Explicit (http://\"http://www.atribune.org/downloads/KillBox.exe\"). [color=\"red\"]*In the event you already have Killbox, this is a new version that I need you to download[/color].
* Save it to your desktop or a folder
*Download and then Install
Ewido Trojan Scanner (http://\"http://download.ewido.net/ewido-setup.exe\")
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We'll fix that later
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
*Download and UNZIP to a folder or desktop
Fixdesktop.zip, so you now have Fixdesktop.reg extracted
[attachment=219:attachment]
Please Print this out or save these instructions to a Notepad file and save it to your Desktop or a folder
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
Security IGuard
Virtual Maid
Search Maid
Exit Add/Remove Programs.
[color=\"red\"]I need you to copy all of the Killbox file paths below and paste them into Notepad.[/color]
* Please double-click Killbox.exe to run it.
* Select "Delete on Reboot".
* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C
C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe
* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
[color=\"red\"]While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.[/color]
[color=\"purple\"]While in Safe Mode, please do the following:[/color]
Run Ewido, and run a full scan. Clean any infected files found, and save the log from the scan.
Next, please enable viewing of hidden files as follows:
1) Go to My Computer, and click on the "Tools" menu
2) Click "Folder options"
3) Select the "View" tab
4) Make sure "Show hidden files and folders" is selected
5) Make sure "Hide extensions for known file types" is unchecked
6) Make sure "Hide protected operating system files (recommended)" is unchecked
Delete the following folders, if they exist:
C:\Program Files\Search Maid
C:\Program Files\Security IGuard
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
Double Click on Fixdesktop.reg and allow to merge to the registry
Do another scan with Hijackthis and put a check next to these entries:
Not all may be seen in safe mode, but fix what you see from the below
02 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [GPTCR2] C:\Windows\GPT
O9 - Extra button: Microsoft AntiSpyware helper - {CC42FB49-697E-4392-A1AE-B945CD6B97C5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CC42FB49-697E-4392-A1AE-B945CD6B97C5} - (no file) (HKCU)
After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Restart back to Normal Mode
Run another scan with Hijackthis and post a fresh log along with the log from Ewidos
Post by: maninneed on May 13, 2005, 10:43:20 PM
here is the scan report
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:15:22, 14.5.2005
+ Report-Checksum: B8F01E17
+ Date of database: 14.5.2005
+ Version of scan engine: v3.0
+ Duration: 57 min
+ Scanned Files: 69680
+ Speed: 20.17 Files/Second
+ Infected files: 25
+ Removed files: 25
+ Files put in quarantine: 25
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\Administrator\Cookies\administrator@36758665[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bravenet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@S152628[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\cd_clint.dll -> Spyware.Cydoor -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\__unin__.exe -> Spyware.Altnet.b -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\~3A.exe -> Dialer.Generic -> Cleaned with backup
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP177\A0101269.exe -> TrojanDownloader.Small.aub -> Cleaned with backup
C:\WINDOWS\sys5418.exe -> TrojanDownloader.Small.aub -> Cleaned with backup
::Report End
HJT log
Logfile of HijackThis v1.99.1
Scan saved at 5:39:39, on 14.5.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\MPSetup_MUISLV.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/ (http://\"http://www.fastweb.it/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it (http://\"http://www.fastweb.it\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fastweb.it/ (http://\"http://www.fastweb.it/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by FastWeb
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...mputers_TSeries (http://\"https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.09.13&unknown&unknown&http://www.sonystyle.com/is-bin/INTERSHOP.enfinity/eCS/Store/en/-/USD/SY_DisplayProductInformation-Start?ProductSKU=VGNT250P%2fS&Dept=computers&CategoryName=cpu_VAIONotebookComputers_TSeries\")
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab (http://\"http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
hope to hear from you soon.Thanks.
Post by: guestolo on May 13, 2005, 10:46:39 PM
Post by: maninneed on May 13, 2005, 10:48:46 PM
Post by: maninneed on May 13, 2005, 10:51:29 PM
windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"_NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
Post by: guestolo on May 13, 2005, 10:56:49 PM
EDIT>>Restart the computer
Back in Windows
Do the following
1. Open the Control Panel.
2. Open Display Properties.
3. Click the Desktop tab.
4. Change your background>>You can change it back later if preferred
5. Click the Customize Desktop button.
6. Click the Web tab in the Desktop Items window.
7. Uncheck "Security" or Make sure all checkboxes in this window are un-checked.
OK your way out
Log off your user account and log back on again if anything unchecked
Post by: maninneed on May 13, 2005, 11:10:10 PM
God bless you!
Post by: guestolo on May 13, 2005, 11:19:44 PM
I know you said you tried SpywareDoctor, I don't use it and I'm not sure if I ever will
I also see Spybot in your log
If it's the latest version I would hold onto it, as I didn't see Spybot in your first log
I would assume you have the latest version
Also, If you don't have Ad-Aware you may want to try running it too
Download and Install the free version of Ad-Aware SE Personal 1.05 (http://\"ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe\")
Hold onto this, it will update for free for the life of the product
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer to finish the cleaning process
Back in Windows
If everything is running better
You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
Once reenabled it will create a fresh restore point
How to Disable and Re-enable System Restore feature (http://\"http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm\")
Once back in Windows and System Restore is reenabled
You should set up protection against future attacks
SpywareBlaster 3.3 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://\"http://www.bleepingcomputer.com/forums/index.php?showtutorial=53\")
Download link (http://\"https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD\")
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection
IE-Spyad is compatible with Service Pack 2 as well
Post by: maninneed on May 14, 2005, 07:41:47 AM
what about the found new hardwer wizard that keeps appearing and wants to install ewido security suite?
Post by: maninneed on May 14, 2005, 10:14:18 AM
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\AV\HijackThis.exe
C:\Windows\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/ (http://\"http://www.fastweb.it/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it (http://\"http://www.fastweb.it\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fastweb.it/ (http://\"http://www.fastweb.it/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by FastWeb
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...mputers_TSeries (http://\"https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.09.13&unknown&unknown&http://www.sonystyle.com/is-bin/INTERSHOP.enfinity/eCS/Store/en/-/USD/SY_DisplayProductInformation-Start?ProductSKU=VGNT250P%2fS&Dept=computers&CategoryName=cpu_VAIONotebookComputers_TSeries\")
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab (http://\"http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Post by: guestolo on May 14, 2005, 11:05:49 AM
Not sure why Ewido is trying to install via Add new hardware
But you may try uninstalling Ewido via Control panel>>Add/remove programs and see if it goes away