TheTechGuide Forum
General Category => Tech Clinic => Topic started by: carbonmcm on January 02, 2006, 04:10:06 PM
-
Got Spy Axe and researched it right away. Got the little yellow warning box popping up and the shortcuts installed on the desktop. Symantec is alerting me of a "Trojan.Zlob" threat and the file is C:\WINDOWS\system32\hpC96E.tmp, but it failed to clean or quarantine. I could not delete it. Below is my HiJackThis log. Please help.
Thanks much,
B.
Logfile of HijackThis v1.99.1
Scan saved at 2:03:37 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\twatdog.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\TOSHIBA\ivp\ISM\ivpsvmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skiracing.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpC96E.tmp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 24
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [TridentWatchDog] twatdog.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radar.com
O17 - HKLM\Software\..\Telephony: DomainName = radar.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = radar.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = radar.com
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
-
Download and Install
Windows Cleanup! 4.0 (http://downloads.stevengould.org/cleanup/CleanUp40.exe)
Don't run this yet,
Download SmitRem.exe by Noahdfear (http://noahdfear.geekstogo.com/click%20counter/click.php?id=1) and save the file to your desktop.
DO NOT run it yet
Download and then Install
Ewido anti-malware 3.5 (http://download.ewido.net/ewido-setup.exe)
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/
If you don't have the latest version of Ad-Aware
Download and Install Ad-Aware SE Personal 1.06 (ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe)
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Don't run a scan yet
In the event you already have Ad-aware, check for updates now please
Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpC96E.tmp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
Double click on SmitRem.exe to extract it to its own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish. Remain in safe mode
Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
Reboot back to Normal mode
Can you post back the following please
1. Post back a fresh hijackthis log
2. Post the whole contents of the Ewido report
3. Post the Whole log made from SmitRem located here C:\Smitfiles.txt
NOTE: Don't run a scan with Norton's or any others until I have a chance to see these logs please
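Added example, not part of the original post: one way to check a fresh HijackThis log against the entries that were ticked for "Fix checked", and to confirm that nothing in the new log still references the file the antivirus flagged. The function names are hypothetical, and the two logs are shortened excerpts of the logs posted in this thread.

```python
import re

# A HijackThis entry line starts with a section code (R0, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Path reported by the antivirus alert in the first post of this thread.
FLAGGED_FILE = r"C:\WINDOWS\system32\hpC96E.tmp"

# The three entries listed for "Fix checked".
CHECKED = [
    r"O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpC96E.tmp",
    r"O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)",
    r"O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h",
]

# Shortened excerpt of the first log (most lines omitted for the example).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skiracing.com/
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpC96E.tmp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Shortened excerpt of the follow-up log (most lines omitted for the example).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skiracing.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


def parse_entries(log_text):
    """Return the set of (code, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def verify_fix(before_log, after_log, checked_lines):
    """Compare two logs against the entries that were ticked for removal."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    checked = parse_entries("\n".join(checked_lines))
    return {
        # Ticked entries that survived the fix and the reboot.
        "still_present": sorted(checked & after),
        # Ticked entries that were not in the first log at all (typo or wrong log).
        "never_present": sorted(checked - before),
        # Entries that disappeared although nobody asked for them to be fixed.
        "removed_unasked": sorted((before - after) - checked),
        # Entries that appeared between the two scans and need a look.
        "new_entries": sorted(after - before),
    }


def entries_referencing(log_text, path):
    """Entries whose text mentions the given file path (case-insensitive)."""
    needle = path.lower()
    return sorted(e for e in parse_entries(log_text) if needle in e[1].lower())


if __name__ == "__main__":
    for name, items in verify_fix(BEFORE, AFTER, CHECKED).items():
        print(name, len(items))
        for code, body in items:
            print("   ", code, "-", body)
    print("flagged file still referenced:", bool(entries_referencing(AFTER, FLAGGED_FILE)))
```
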
-
I downloaded all the programs as directed and entered the safemode step but was unable to view the smitrem.exe file on the desktop. So I went back to Normal mode and extracted the folder, then I returned to safemode and I'm unable to view the folder either on the desktop or through My Computer.
I thought to run the other steps on their own and get back to you but did not want to mess up the process.
Please advise.
Thanks,
Bryan
-
Are you signing into safe mode with the same account you are in right now?
-
Thanks for pointing that out. I've resolved that issue.
Below are my hijackthis log, followed by the Ewido report and the SmitRem log.
It appears as if the issue is resolved. Please advise. You guys rock!
B.
Logfile of HijackThis v1.99.1
Scan saved at 8:23:55 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\twatdog.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\TOSHIBA\ivp\ISM\pinger.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skiracing.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 24
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [TridentWatchDog] twatdog.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radar.com
O17 - HKLM\Software\..\Telephony: DomainName = radar.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = radar.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = radar.com
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:13:21 PM, 1/2/2006
+ Report-Checksum: 34BCC49C
+ Scan result:
:mozilla.11:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.16:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.21:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.27:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.28:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.29:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.30:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.31:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.32:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.40:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.41:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.42:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.46:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.47:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.57:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.62:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.117:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.118:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.119:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.123:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.125:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.147:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.148:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.154:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.160:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.165:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.166:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.167:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.168:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.169:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.172:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.173:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.174:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.175:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.176:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.184:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.208:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.233:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.241:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.242:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.243:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.246:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.264:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.265:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.280:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.281:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.290:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.291:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.302:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.324:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.325:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.326:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.327:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.332:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.333:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.341:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.342:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.343:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.344:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.351:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.359:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.360:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.370:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.386:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.393:C:\Documents and Settings\bryan.RADAR\Application Data\Mozilla\Firefox\Profiles\7wej5bzq.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 01/02/2006
The current time is: 18:07:00.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SpyAxeFix © by noahdfear
spyaxe directory present
spyaxe uninstaller present
Starting spyaxe uninstaller
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
wbeconm.dll
1024 dir
msvol.tlb
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 740 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
-
That looks good
Can you make sure your virus scanner (Norton's) is right up to date
and run a complete scan, please
Let it fix what it finds
If anything is found in the System Volume Information folder
Don't worry about it as we'll fix it on the next step
Final cleanup
If everything is running better, please do the following
You should disable System Restore >> reboot your computer >> and then re-enable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature (http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm)
Make sure you re-enable the System Restore feature
Afterwards, for added protection,
you should install this free tool:
SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
* Will block bad ActiveX controls
* Blocks malevolent cookies in Internet Explorer and Firefox
* Restricts actions of potentially dangerous sites in Internet Explorer
After installation, check for updates and then click "Enable all protection"
Check for updates every couple of weeks;
after every update, just simply click "enable protection on all unprotected items"
-
Thank you guestolo, I appreciate your help very much and have just made a contribution via PayPal.
Regards,
Bryan
-
Thank you much Bryan, I appreciate it
I'll lock this topic as your problems are resolved
Take Care