TheTechGuide Forum
General Category => Tech Clinic => Topic started by: scrappingmama on May 14, 2006, 03:46:45 PM
-
I am hopeful that you might be able to assist me with the issue I continue to have with my computer. Unfortunately, even with using Symantec Antivirus, we have caught another virus and a Hijacker. I've gotten rid of the virus by using Ewido but it seems to keep coming back. In safe mode, Ewido finds and gets rid of a lot of viruses. Adaware doesn't find anything in safe mode. In regular mode Adaware finds and cleans things but always has trouble with two files -- atmclk.exe and stdole3.tlb in the system32 folder. It tries to clean them on reboot but it doesn't appear to work. HiJack This has found some entries that I have been able to get rid of. I found two that I can remove in Safe mode but they always appear in regular mode and I can't get rid of them there. For now, it appears my viruses are going but not my hijacker, which keeps taking me to www.systemuptodate.com with bogus virus alert info. I have run locate.bat and it returns an empty report. I have run CWShredder and it doesn't find anything. Anyway, that is the history. I am posting a copy of the Startdreck results and HiJackThis. Please let me know if there is anything you could assist me with. I would really appreciate it.
************** Startdreck.log *************
StartDreck (build 2.1.7 public stable) - 2006-05-14 @ 15:30:23 (GMT -05:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as Owner at BIGMAMA
»Registry
»Files
»System/Drivers
»NT Services
*Alerter Alerter - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Application Layer Gateway Service ALG - on demand
`binary: C:\WINDOWS\System32\alg.exe
*Application Management AppMgmt - on demand
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*ASP.NET State Service aspnet_state - on demand
`binary: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
*Windows Audio AudioSrv running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Background Intelligent Transfer Service BITS - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Computer Browser Browser running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Indexing Service CiSvc - on demand
`binary: C:\WINDOWS\system32\cisvc.exe
*ClipBook ClipSrv - on demand
`binary: C:\WINDOWS\system32\clipsrv.exe
*COM+ System Application COMSysApp - on demand
`binary: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
*Cryptographic Services CryptSvc running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*DefWatch DefWatch running auto
`binary: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
*DHCP Client Dhcp running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Logical Disk Manager Administrative Service dmadmin - on demand
`binary: C:\WINDOWS\System32\dmadmin.exe /com
*Logical Disk Manager dmserver - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*DNS Client Dnscache running auto
`binary: C:\WINDOWS\System32\svchost.exe -k NetworkService
*EPSON Printer Status Agent2 EPSONStatusAgent2 running auto
`binary: C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
*Error Reporting Service ERSvc running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Event Log Eventlog running auto
`binary: C:\WINDOWS\system32\services.exe
*COM+ Event System EventSystem running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*ewido security suite control ewido security suite running auto
`binary: C:\Program Files\ewido\security suite\ewidoctrl.exe
*Fast User Switching Compatibility FastUserSwitchingCom running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Fax Fax - on demand
`binary: C:\WINDOWS\system32\fxssvc.exe
*Help and Support helpsvc running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Human Interface Device Access HidServ - disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*InstallDriver Table Manager IDriverT - on demand
`binary: C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
*IMAPI CD-Burning COM Service ImapiService - on demand
`binary: C:\WINDOWS\System32\imapi.exe
*Iomega Activity Disk2 Iomega Activity Disk - disabled
`binary: ""
*Iomega App Services Iomega App Services running auto
`binary: "C:\PROGRA~1\Iomega\System32\AppServices.exe"
*iPodService iPodService running on demand
`binary: C:\Program Files\iPod\bin\iPodService.exe
*Server lanmanserver running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Workstation lanmanworkstation running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*TCP/IP NetBIOS Helper LmHosts running auto
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Messenger Messenger - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*NetMeeting Remote Desktop Sharing mnmsrvc - on demand
`binary: C:\WINDOWS\System32\mnmsrvc.exe
*Distributed Transaction Coordinator MSDTC - on demand
`binary: C:\WINDOWS\System32\msdtc.exe
*Windows Installer MSIServer - on demand
`binary: C:\WINDOWS\System32\msiexec.exe /V
*Network DDE NetDDE - on demand
`binary: C:\WINDOWS\system32\netdde.exe
*Network DDE DSDM NetDDEdsdm - on demand
`binary: C:\WINDOWS\system32\netdde.exe
*Net Logon Netlogon - on demand
`binary: C:\WINDOWS\System32\lsass.exe
*Network Connections Netman running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Network Location Awareness (NLA) Nla running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Symantec AntiVirus Client Norton AntiVirus Ser running auto
`binary: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
*NT LM Security Support Provider NtLmSsp - on demand
`binary: C:\WINDOWS\System32\lsass.exe
*Removable Storage NtmsSvc - on demand
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*NVIDIA Driver Helper Service NVSvc - auto
`binary: C:\WINDOWS\System32\nvsvc32.exe
*Office Source Engine ose - on demand
`binary: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
*Plug and Play PlugPlay running auto
`binary: C:\WINDOWS\system32\services.exe
*IPSEC Services PolicyAgent running auto
`binary: C:\WINDOWS\System32\lsass.exe
*Protected Storage ProtectedStorage running auto
`binary: C:\WINDOWS\system32\lsass.exe
*Remote Access Auto Connection Manager RasAuto - disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Access Connection Manager RasMan running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Desktop Help Session Manager RDSessMgr - on demand
`binary: C:\WINDOWS\system32\sessmgr.exe
*Routing and Remote Access RemoteAccess - disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Procedure Call (RPC) Locator RpcLocator - on demand
`binary: C:\WINDOWS\System32\locator.exe
*Remote Procedure Call (RPC) RpcSs running auto
`binary: C:\WINDOWS\system32\svchost -k rpcss
*QoS RSVP RSVP - on demand
`binary: C:\WINDOWS\System32\rsvp.exe
*Security Accounts Manager SamSs running auto
`binary: C:\WINDOWS\system32\lsass.exe
*Smart Card Helper SCardDrv - on demand
`binary: C:\WINDOWS\System32\SCardSvr.exe
*Smart Card SCardSvr - on demand
`binary: C:\WINDOWS\System32\SCardSvr.exe
*Task Scheduler Schedule running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Secondary Logon seclogon running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*System Event Notification SENS running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Internet Connection Firewall (ICF) / Internet C SharedAccess - on demand
`onnection Sharing (ICS)
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Shell Hardware Detection ShellHWDetection running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Symantec Network Drivers Service SNDSrvc - on demand
`binary: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
*Print Spooler Spooler running auto
`binary: C:\WINDOWS\system32\spoolsv.exe
*System Restore Service srservice running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*SSDP Discovery Service SSDPSRV running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Windows Image Acquisition (WIA) stisvc running auto
`binary: C:\WINDOWS\System32\svchost.exe -k imgsvc
*MS Software Shadow Copy Provider SwPrv - on demand
`binary: C:\WINDOWS\System32\dllhost.exe /Processid:{80A0071B-FFF9-443D-ACBC-93ACFC851833}
*Performance Logs and Alerts SysmonLog - on demand
`binary: C:\WINDOWS\system32\smlogsvc.exe
*Telephony TapiSrv running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Terminal Services TermService running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Themes Themes running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Distributed Link Tracking Client TrkWks running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Windows User Mode Driver Framework UMWdf running auto
`binary: C:\WINDOWS\System32\wdfmgr.exe
*Upload Manager uploadmgr running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Universal Plug and Play Device Host upnphost - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Uninterruptible Power Supply UPS - on demand
`binary: C:\WINDOWS\System32\ups.exe
*Volume Shadow Copy VSS - on demand
`binary: C:\WINDOWS\System32\vssvc.exe
*Windows Time W32Time running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*WebClient WebClient running auto
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Windows Management Instrumentation winmgmt running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Portable Media Serial Number Service WmdmPmSN - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*WMI Performance Adapter WmiApSrv - on demand
`binary: C:\WINDOWS\System32\wbem\wmiapsrv.exe
*Automatic Updates wuauserv running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Wireless Zero Configuration WZCSVC running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Iomega Active Disk _IOMEGA_ACTIVE_DISK_ running auto
`binary: "C:\Program Files\Iomega\AutoDisk\ADService.exe"
»NT Kernel- and FS-drivers
*Abiosdsk Abiosdsk - disabled
`binary:
*abp480n5 abp480n5 - disabled
`binary:
*Microsoft ACPI Driver ACPI running boot
`binary: \SystemRoot\System32\DRIVERS\ACPI.sys
*ACPIEC ACPIEC - disabled
`binary:
*adpu160m adpu160m - disabled
`binary:
*Microsoft Kernel Acoustic Echo Canceller aec - on demand
`binary: system32\drivers\aec.sys
*AFD Networking Support Environment AFD running auto
`binary: \SystemRoot\System32\drivers\afd.sys
*AFS2K AFS2K running system
`binary:
*Intel AGP Bus Filter agp440 running boot
`binary: \SystemRoot\System32\DRIVERS\agp440.sys
*Aha154x Aha154x - disabled
`binary:
*aic78u2 aic78u2 - disabled
`binary:
*aic78xx aic78xx - disabled
`binary:
*Service for Realtek AC97 Audio (WDM) ALCXWDM running on demand
`binary: system32\drivers\ALCXWDM.SYS
*AliIde AliIde - disabled
`binary:
*AMD K7 Processor Driver AmdK7 - system
`binary: System32\DRIVERS\amdk7.sys
*amsint amsint - disabled
`binary:
*1394 ARP Client Protocol Arp1394 running on demand
`binary: System32\DRIVERS\arp1394.sys
*asc asc - disabled
`binary:
*asc3350p asc3350p - disabled
`binary:
*asc3550 asc3550 - disabled
`binary:
*RAS Asynchronous Media Driver AsyncMac running on demand
`binary: System32\DRIVERS\asyncmac.sys
*Standard IDE/ESDI Hard Disk Controller atapi running boot
`binary: \SystemRoot\System32\DRIVERS\atapi.sys
*Atdisk Atdisk - disabled
`binary:
*ATM ARP Client Protocol Atmarpc - on demand
`binary: System32\DRIVERS\atmarpc.sys
*Audio Stub Driver audstub running on demand
`binary: System32\DRIVERS\audstub.sys
*Beep Beep running system
`binary:
*Usbscan.Sys BulkUsb - on demand
`binary: System32\Drivers\usbscan.sys
*cbidf2k cbidf2k - disabled
`binary:
*Closed Caption Decoder CCDECODE - on demand
`binary: System32\DRIVERS\CCDECODE.sys
*cd20xrnt cd20xrnt - disabled
`binary:
*Cdaudio Cdaudio - system
`binary:
*Cdfs Cdfs running disabled
`binary:
*CD-ROM Driver Cdrom running system
`binary: System32\DRIVERS\cdrom.sys
*Changer Changer - system
`binary:
*CmdIde CmdIde - disabled
`binary:
*Cpqarray Cpqarray - disabled
`binary:
*dac960nt dac960nt - disabled
`binary:
*Disk Driver Disk running boot
`binary: \SystemRoot\System32\DRIVERS\disk.sys
*dmboot dmboot - disabled
`binary: System32\drivers\dmboot.sys
*dmio dmio - disabled
`binary: System32\drivers\dmio.sys
*dmload dmload - disabled
`binary: System32\drivers\dmload.sys
*Microsoft Kernel DLS Syntheiszer DMusic - on demand
`binary: system32\drivers\DMusic.sys
*dpti2o dpti2o - disabled
`binary:
*Microsoft Kernel DRM Audio Descrambler drmkaud - on demand
`binary: system32\drivers\drmkaud.sys
*Fastfat Fastfat running disabled
`binary:
*fasttx2k fasttx2k running boot
`binary: \SystemRoot\System32\DRIVERS\fasttx2k.sys
*Floppy Disk Controller Driver Fdc running on demand
`binary: System32\DRIVERS\fdc.sys
*VIA Rhine Family Fast Ethernet Adapter Driver S FETNDISB running on demand
`ervice
`binary: System32\DRIVERS\fetnd5b.sys
*Fips Fips running system
`binary:
*Floppy Disk Driver Flpydisk running on demand
`binary: System32\DRIVERS\flpydisk.sys
*Volume Manager Driver Ftdisk running boot
`binary: \SystemRoot\System32\DRIVERS\ftdisk.sys
*GEARAspiWDM GEARAspiWDM running on demand
`binary: System32\Drivers\GEARAspiWDM.sys
*Generic Packet Classifier Gpc running on demand
`binary: System32\DRIVERS\msgpc.sys
*Microsoft HID Class Driver HidUsb - on demand
`binary: System32\DRIVERS\hidusb.sys
*hpn hpn - disabled
`binary:
*i2omgmt i2omgmt - system
`binary:
*i2omp i2omp - disabled
`binary:
*i8042 Keyboard and PS/2 Mouse Port Driver i8042prt running system
`binary: System32\DRIVERS\i8042prt.sys
*ialm ialm - on demand
`binary: System32\DRIVERS\ialmnt5.sys
*CD-Burning Filter Driver Imapi running system
`binary: System32\DRIVERS\imapi.sys
*ini910u ini910u - disabled
`binary:
*IntelIde IntelIde - disabled
`binary: \SystemRoot\System32\DRIVERS\intelide.sys
*Iomega Devices Disk Filter Services iomdisk running boot
`binary: \SystemRoot\System32\DRIVERS\iomdisk.sys
*IP Traffic Filter Driver IpFilterDriver - on demand
`binary: System32\DRIVERS\ipfltdrv.sys
*IP in IP Tunnel Driver IpInIp - on demand
`binary: System32\DRIVERS\ipinip.sys
*IP Network Address Translator IpNat - on demand
`binary: System32\DRIVERS\ipnat.sys
*IPSEC driver IPSec running system
`binary: System32\DRIVERS\ipsec.sys
*IR Enumerator Service IRENUM - on demand
`binary: System32\DRIVERS\irenum.sys
*PnP ISA/EISA Bus Driver isapnp running boot
`binary: \SystemRoot\System32\DRIVERS\isapnp.sys
*Keyboard Class Driver Kbdclass running system
`binary: System32\DRIVERS\kbdclass.sys
*Microsoft Kernel Wave Audio Mixer kmixer running on demand
`binary: system32\drivers\kmixer.sys
*KSecDD KSecDD running boot
`binary:
*lbrtfdc lbrtfdc - system
`binary:
*ltmdmntc ltmdmntc - auto
`binary: \??\C:\WINDOWS\System32\drivers\ltmdmntc.sys
*Agere Modem Driver ltmodem5 running on demand
`binary: System32\DRIVERS\ltmdmnt.sys
*mnmdd mnmdd running system
`binary:
*Modem Modem running on demand
`binary:
*Mouse Class Driver Mouclass running system
`binary: System32\DRIVERS\mouclass.sys
*MountMgr MountMgr running boot
`binary:
*mraid35x mraid35x - disabled
`binary:
*mrtRate mrtRate - auto
`binary:
*WebDav Client Redirector MRxDAV running on demand
`binary: System32\DRIVERS\mrxdav.sys
*MRxSmb MRxSmb running system
`binary: System32\DRIVERS\mrxsmb.sys
*Msfs Msfs running system
`binary:
*Microsoft Streaming Service Proxy MSKSSRV - on demand
`binary: system32\drivers\MSKSSRV.sys
*Microsoft Streaming Clock Proxy MSPCLOCK - on demand
`binary: system32\drivers\MSPCLOCK.sys
*Microsoft Streaming Quality Manager Proxy MSPQM - on demand
`binary: system32\drivers\MSPQM.sys
*Microsoft Streaming Tee/Sink-to-Sink Converter MSTEE - on demand
`binary: system32\drivers\MSTEE.sys
*Mup Mup running boot
`binary:
*MxlW2k MxlW2k running on demand
`binary:
*NABTS/FEC VBI Codec NABTSFEC - on demand
`binary: System32\DRIVERS\NABTSFEC.sys
*NAVAP NAVAP running on demand
`binary: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
*NAVAPEL NAVAPEL running auto
`binary: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
*NAVENG NAVENG running on demand
`binary: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060510.019\NAVENG.sys
*NAVEX15 NAVEX15 running on demand
`binary: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060510.019\NAVEX15.sys
*NDIS System Driver NDIS running boot
`binary:
*Microsoft TV/Video Connection NdisIP - on demand
`binary: System32\DRIVERS\NdisIP.sys
*Remote Access NDIS TAPI Driver NdisTapi running on demand
`binary: System32\DRIVERS\ndistapi.sys
*NDIS Usermode I/O Protocol Ndisuio running on demand
`binary: System32\DRIVERS\ndisuio.sys
*Remote Access NDIS WAN Driver NdisWan running on demand
`binary: System32\DRIVERS\ndiswan.sys
*NDIS Proxy NDProxy running on demand
`binary:
*NetBIOS Interface NetBIOS running system
`binary: System32\DRIVERS\netbios.sys
*NetBT NetBT running system
`binary: System32\DRIVERS\netbt.sys
*1394 Net Driver NIC1394 running on demand
`binary: System32\DRIVERS\nic1394.sys
*Npfs Npfs running system
`binary:
*Ntfs Ntfs running disabled
`binary:
*Null Null running system
`binary:
*nv nv - on demand
`binary: System32\DRIVERS\nv4_mini.sys
*nVidia WDM Video Capture (universal) nvcap - auto
`binary: System32\DRIVERS\nvcap.sys
*nVidia WDM A/V Crossbar NVXBAR - auto
`binary: System32\DRIVERS\NVxbar.sys
*NVIDIA nForce AGP Bus Filter nv_agp running boot
`binary: \SystemRoot\System32\DRIVERS\nv_agp.sys
*IPX Traffic Filter Driver NwlnkFlt - on demand
`binary: System32\DRIVERS\nwlnkflt.sys
*IPX Traffic Forwarder Driver NwlnkFwd - on demand
`binary: System32\DRIVERS\nwlnkfwd.sys
*NWLink IPX/SPX/NetBIOS Compatible Transport Pro NwlnkIpx running auto
`tocol
`binary: System32\DRIVERS\nwlnkipx.sys
*NWLink NetBIOS NwlnkNb running auto
`binary: System32\DRIVERS\nwlnknb.sys
*NWLink SPX/SPXII Protocol NwlnkSpx running auto
`binary: System32\DRIVERS\nwlnkspx.sys
*VIA OHCI Compliant IEEE 1394 Host Controller ohci1394 running boot
`binary: \SystemRoot\System32\DRIVERS\ohci1394.sys
*Parallel port driver Parport running on demand
`binary: System32\DRIVERS\parport.sys
*PartMgr PartMgr running boot
`binary:
*ParVdm ParVdm running auto
`binary:
*PCI Bus Driver PCI running boot
`binary: \SystemRoot\System32\DRIVERS\pci.sys
*PCIDump PCIDump - system
`binary:
*PCIIde PCIIde running boot
`binary: \SystemRoot\System32\DRIVERS\pciide.sys
*Pcmcia Pcmcia - disabled
`binary:
*PDCOMP PDCOMP - on demand
`binary:
*PDFRAME PDFRAME - on demand
`binary:
*PDRELI PDRELI - on demand
`binary:
*PDRFRAME PDRFRAME - on demand
`binary:
*perc2 perc2 - disabled
`binary:
*perc2hib perc2hib - disabled
`binary:
*Padus ASPI Shell pfc running on demand
`binary: system32\drivers\pfc.sys
*Iomega Parallel Port Legacy Filter Driver ppa3 running boot
`binary: \SystemRoot\System32\DRIVERS\ppa3.sys
*WAN Miniport (PPTP) PptpMiniport running on demand
`binary: System32\DRIVERS\raspptp.sys
*Processor Driver Processor running system
`binary: System32\DRIVERS\processr.sys
*Ps2 Ps2 running on demand
`binary: System32\DRIVERS\PS2.sys
*QoS Packet Scheduler PSched running on demand
`binary: System32\DRIVERS\psched.sys
*Direct Parallel Link Driver Ptilink running on demand
`binary: System32\DRIVERS\ptilink.sys
*PxHelp20 PxHelp20 running boot
`binary: \SystemRoot\System32\DRIVERS\PxHelp20.sys
*ql1080 ql1080 - disabled
`binary:
*Ql10wnt Ql10wnt - disabled
`binary:
*ql12160 ql12160 - disabled
`binary:
*ql1240 ql1240 - disabled
`binary:
*ql1280 ql1280 - disabled
`binary:
*Remote Access Auto Connection Driver RasAcd running system
`binary: System32\DRIVERS\rasacd.sys
*WAN Miniport (L2TP) Rasl2tp running on demand
`binary: System32\DRIVERS\rasl2tp.sys
*Remote Access PPPOE Driver RasPppoe running on demand
`binary: System32\DRIVERS\raspppoe.sys
*Direct Parallel Raspti running on demand
`binary: System32\DRIVERS\raspti.sys
*Rdbss Rdbss running system
`binary: System32\DRIVERS\rdbss.sys
*RDPCDD RDPCDD running system
`binary: System32\DRIVERS\RDPCDD.sys
*RDPWD RDPWD - on demand
`binary:
*Digital CD Audio Playback Filter Driver redbook running system
`binary: System32\DRIVERS\redbook.sys
*Realtek RTL8139/810x Family Fast Ethernet NIC N rtl8139 - on demand
`T Driver
`binary: System32\DRIVERS\R8139n51.SYS
*S3Psddr S3Psddr - on demand
`binary: System32\DRIVERS\s3gnbm.sys
*Secdrv Secdrv - on demand
`binary: System32\DRIVERS\secdrv.sys
*Serenum Filter Driver Serenum running on demand
`binary: System32\DRIVERS\serenum.sys
*Serial port driver Serial running system
`binary: System32\DRIVERS\serial.sys
*Sfloppy Sfloppy - system
`binary:
*Simbad Simbad - disabled
`binary:
*SiS315 SiS315 - on demand
`binary: System32\DRIVERS\sisgrp.sys
*SiS AGP Filter SISAGP running boot
`binary: \SystemRoot\System32\DRIVERS\SISAGPX.sys
*SiSkp SiSkp running system
`binary: System32\DRIVERS\srvkp.sys
*BDA Slip De-Framer SLIP - on demand
`binary: System32\DRIVERS\SLIP.sys
*Sparrow Sparrow - disabled
`binary:
*Microsoft Kernel Audio Splitter splitter - on demand
`binary: system32\drivers\splitter.sys
*ViviCam 35 SQTECH905C - on demand
`binary: System32\Drivers\Capt905c.sys
*System Restore Filter Driver sr running boot
`binary: \SystemRoot\System32\DRIVERS\sr.sys
*Srv Srv running on demand
`binary: System32\DRIVERS\srv.sys
*BDA IPSink streamip - on demand
`binary: System32\DRIVERS\StreamIP.sys
*Software Bus Driver swenum running on demand
`binary: System32\DRIVERS\swenum.sys
*Microsoft Kernel GS Wavetable Synthesizer swmidi - on demand
`binary: system32\drivers\swmidi.sys
*symc810 symc810 - disabled
`binary:
*symc8xx symc8xx - disabled
`binary:
*SYMDNS SYMDNS - on demand
`binary: \SystemRoot\System32\Drivers\SYMDNS.SYS
*SymEvent SymEvent running on demand
`binary: \??\C:\Program Files\Symantec\SYMEVENT.SYS
*SYMFW SYMFW - on demand
`binary: \SystemRoot\System32\Drivers\SYMFW.SYS
*SYMIDS SYMIDS - on demand
`binary: \SystemRoot\System32\Drivers\SYMIDS.SYS
*SYMIDSCO SYMIDSCO - on demand
`binary: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050303.027\symidsco.sys
*SYMNDIS SYMNDIS - on demand
`binary: \SystemRoot\System32\Drivers\SYMNDIS.SYS
*SYMREDRV SYMREDRV - on demand
`binary: \SystemRoot\System32\Drivers\SYMREDRV.SYS
*SYMTDI SYMTDI running system
`binary: \SystemRoot\System32\Drivers\SYMTDI.SYS
*sym_hi sym_hi - disabled
`binary:
*sym_u3 sym_u3 - disabled
`binary:
*Microsoft Kernel System Audio Device sysaudio running on demand
`binary: system32\drivers\sysaudio.sys
*TCP/IP Protocol Driver Tcpip running system
`binary: System32\DRIVERS\tcpip.sys
*TDPIPE TDPIPE - on demand
`binary:
*TDTCP TDTCP - on demand
`binary:
*Terminal Device Driver TermDD running system
`binary: System32\DRIVERS\termdd.sys
*TosIde TosIde - disabled
`binary:
*Udfs Udfs - disabled
`binary:
*ultra ultra - disabled
`binary:
*Microcode Update Driver Update running on demand
`binary: System32\DRIVERS\update.sys
*Microsoft USB 2.0 Enhanced Host Controller Mini usbehci running on demand
`port Driver
`binary: System32\DRIVERS\usbehci.sys
*Microsoft USB Standard Hub Driver usbhub running on demand
`binary: System32\DRIVERS\usbhub.sys
*Microsoft USB Open Host Controller Miniport Dri usbohci - on demand
`ver
`binary: System32\DRIVERS\usbohci.sys
*Microsoft USB PRINTER Class usbprint running on demand
`binary: System32\DRIVERS\usbprint.sys
*USB Scanner Driver usbscan running on demand
`binary: System32\DRIVERS\usbscan.sys
*USB Mass Storage Driver USBSTOR running on demand
`binary: System32\DRIVERS\USBSTOR.SYS
*Microsoft USB Universal Host Controller Minipor usbuhci running on demand
`t Driver
`binary: System32\DRIVERS\usbuhci.sys
*VgaSave VgaSave running system
`binary: \SystemRoot\System32\drivers\vga.sys
*VIA AGP Filter viaagp1 running boot
`binary: \SystemRoot\System32\DRIVERS\viaagp1.sys
*viagfx viagfx running on demand
`binary: System32\DRIVERS\vtmini.sys
*ViaIde ViaIde running boot
`binary: \SystemRoot\System32\DRIVERS\viaide.sys
*VolSnap VolSnap running boot
`binary:
*WINBOND W55U01 USB W55U01 - auto
`binary: System32\Drivers\W55U01.sys
*Remote Access IP ARP Driver Wanarp running on demand
`binary: System32\DRIVERS\wanarp.sys
*WDICA WDICA - on demand
`binary:
*Microsoft WINMM WDM Audio Compatibility Driver wdmaud running on demand
`binary: system32\drivers\wdmaud.sys
*Windows Socket 2.0 Non-IFS Service Provider Sup WS2IFSL - on demand
`port Environment
`binary: \SystemRoot\System32\drivers\ws2ifsl.sys
*World Standard Teletext Codec WSTCODEC - on demand
`binary: System32\DRIVERS\WSTCODEC.SYS
*X4HS32 X4HS32 running auto
`binary: \??\C:\Program Files\EXEtender\X4HS32.Sys
*Intel® Graphics Platform (SoftBIOS) Driver {6080A529-897E-4629- - on demand
`binary: system32\drivers\ialmsbw.sys
*Intel® Graphics Chipset (KCH) Driver {D31A0762-0CEB-444e- - on demand
`binary: system32\drivers\ialmkchw.sys
»Application specific
*********** HiJack This Log ***********
Logfile of HijackThis v1.99.1
Scan saved at 3:30:29 PM, on 5/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp1C96.tmp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Thanks!
-
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
-
Thanks for the quick response. Here is the smitfraud report --
SmitFraudFix v2.44
Scan done at 17:16:53.00, Sun 05/14/2006
Run from C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\shdocsvc.dll FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Security Toolbar\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8e99f990-b75a-4568-b3c8-24cbc8cbbfc1}"="AutoDisc Ware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"
[HKEY_CLASSES_ROOT\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\System32\appmagr.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\System32\appmagr.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
I am currently running Panda Activescan as well.
-
I am currently running Panda Activescan as well.
OK, well then, what I need you to do
AFTER the Panda scan is complete
click See Report, then click Save Report and save it to your Desktop.
Come back here and post the report from Panda
Also,Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Let's see if it's changed at all
I'm stepping out for a bit, after you post those logs, don't run any other scanners till I have a chance to see them please
-
Sorry, I thought Panda was just going to do a scan. I didn't know it would interfere with your recommendations. Here is the most recent Smitfraudfix --
SmitFraudFix v2.44
Scan done at 19:48:41.34, Sun 05/14/2006
Run from C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\shdocsvc.dll FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8e99f990-b75a-4568-b3c8-24cbc8cbbfc1}"="AutoDisc Ware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"
[HKEY_CLASSES_ROOT\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\System32\appmagr.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\System32\appmagr.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
***** And here is the Panda Report *****
Incident Status Location
Adware:Adware/Puper Not disinfected C:\WINDOWS\System32\ld5DCF.tmp
Adware:adware/emediacodec Not disinfected c:\windows\system32\atmclk.exe
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Dialer:dialer.baj Not disinfected c:\x.cab
Adware:adware/spywarequake Not disinfected c:\windows\system32\1024\ld5BC5.tmp
Adware:adware program Not disinfected c:\windows\ss3unstl.exe
Adware:adware/yoursearchengine Not disinfected c:\windows\system32\config\systemprofile\favorites\ REMOVE SPYWARE.url
Potentially unwanted tool:application/myway Not disinfected c:\program files\MySearch
Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\smitfraudfix\SmitfraudFix\Process.exe
Dialer:Dialer.FGG Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\dddkjpmd.exe
Virus:Exploit/Codebase.X Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DK83XPWP\targ[1].chm[/target.htm]
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DK83XPWP\targ[1].chm[/win32.exe]
Dialer:Dialer.NO Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M0PNBYDZ\gdnUS2218[1].exe
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\S-1-5-21-3529106849-479641835-784988016-500\Dc19.exe
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.INF
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\1024\ld6C08.tmp
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\1024\ld9B90.tmp
Adware:Adware/Puper Not disinfected C:\WINDOWS\system32\regperf.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\shdocsvc.dll
Dialer:Dialer.FGG Not disinfected C:\WINDOWS\Temp\dbddjpmd.exe
Thanks!
-
Sorry, I thought Panda was just going to do a scan. I didn't know it would interfere with your recommendations
No, it didn't interfere, but gave me a good idea of what it removes before we run the below tools
Can you do the following please, let's see what we can clean
==Download and install Windows CleanUp! 4.5.1 (http://www.stevengould.org/downloads/cleanup/CleanUp451.exe)
If you have an older version of CleanUp!, remove it please before installing this newer version
DO NOT use an older version of CleanUp!
Open Ewido Anti-Malware
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work
Manually update with this link
http://www.ewido.net/en/download/updates/
Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer
==Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt
If a reboot was required, reboot back to safe mode
If it wasn't required, remain in safe mode
Open Ewido Anti-Malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted
Do a "System scan only" with Hijackthis and put a check next to these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp1C96.tmp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer afterwards back to Normal mode
Come back here and post the following please
1. Run another Scan and Save logfile with hijackthis log and post a fresh log
2. Post the whole report from Ewido
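The by-eye review the helper does above (picking out the R0, O2 and O4 entries) as an added Python example; this is not code from the thread, from HijackThis or from SmitfraudFix. It parses HijackThis-style entry lines and the "FOUND !" lines of a SmitfraudFix search report (sample lines constructed from the ones in this thread) and flags the patterns that marked this infection.

```python
"""Triage helper for HijackThis v1.99-style log lines (added example).

Each 'Rn - ...' / 'Onn - ...' entry is parsed into a record and flagged when
it matches one of the patterns seen in this thread: a start page reset to
about:blank, a BHO (O2) whose DLL is a .tmp file, a file path that also
appears as a 'FOUND !' line in a SmitfraudFix report, or a target file that
is missing (an orphan entry: safe to fix, but not malware by itself).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Constructed sample in the HijackThis log format (entries taken from this thread).
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp1C96.tmp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""

# Constructed sample of 'FOUND !' lines from a SmitfraudFix option 1 (Search) report.
SAMPLE_SMITFRAUD_REPORT = r"""
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# A Windows path ending in a loadable extension; non-greedy so that trailing
# arguments such as -atboottime or '(file missing)' are not swallowed.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|tmp|tlb|ocx|scr)\b", re.IGNORECASE)
FOUND_RE = re.compile(r"^(.*?)\s+FOUND !\s*$")


@dataclass
class Entry:
    kind: str                 # HijackThis section code, e.g. 'R0', 'O2', 'O4'
    text: str                 # everything after 'Onn - '
    path: str | None          # first file path in the entry, if any
    reasons: list[str] = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return bool(self.reasons)


def parse_hjt(log: str) -> list[Entry]:
    """Parse HijackThis entry lines; header and 'Running processes' lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, text = m.groups()
        p = PATH_RE.search(text)
        entries.append(Entry(kind, text, p.group(0) if p else None))
    return entries


def parse_smitfraud_found(report: str) -> list[str]:
    """Collect the path patterns SmitfraudFix reported as FOUND (they may contain ? wildcards)."""
    found = []
    for line in report.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            found.append(m.group(1).lower())
    return found


def triage(hjt_log: str, smitfraud_report: str = "") -> list[Entry]:
    """Return every parsed entry, with reasons attached to the suspicious ones."""
    found_patterns = parse_smitfraud_found(smitfraud_report)
    entries = parse_hjt(hjt_log)
    for e in entries:
        if e.kind in ("R0", "R1") and e.text.lower().endswith("= about:blank"):
            e.reasons.append("start page reset to about:blank")
        if e.path:
            low = e.path.lower()
            if e.kind == "O2" and low.endswith(".tmp"):
                e.reasons.append("BHO loads a .tmp file (no legitimate BHO ships as .tmp)")
            for pat in found_patterns:
                if fnmatchcase(low, pat):
                    e.reasons.append(f"path matches SmitfraudFix FOUND entry {pat}")
        if "(file missing)" in e.text:
            e.reasons.append("target file missing; orphan entry, safe to fix")
    return entries


def flagged_kinds(hjt_log: str, smitfraud_report: str = "") -> list[str]:
    """Section codes of the flagged entries, in log order."""
    return [e.kind for e in triage(hjt_log, smitfraud_report) if e.flagged]


if __name__ == "__main__":
    for e in triage(SAMPLE_HJT_LOG, SAMPLE_SMITFRAUD_REPORT):
        if e.flagged:
            print(f"{e.kind}: {e.text}\n    -> " + "; ".join(e.reasons))
```

Run against a real log, the O4 QuickTime and RealPlayer entries the helper also removed would not be flagged: those were startup clutter, not infection markers, and need a human decision.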
-
Things are functioning much better now. I ran HiJack This in safe mode, but by that time the R0 and O2 entries were gone. I think it was the Cleanup or Ewido. I removed the O4 entries. Here are the logs --
******************
Logfile of HijackThis v1.99.1
Scan saved at 11:28:58 AM, on 5/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
********************
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 11:24:20 AM, 5/15/2006
+ Report-Checksum: 4D298300
+ Scan result:
C:\HJT\backups\backup-20060511-195322-805.dll -> Downloader.Zlob.of : Cleaned with backup
C:\HJT\backups\backup-20060511-195343-270.dll -> Downloader.Zlob.of : Cleaned with backup
C:\HJT\backups\backup-20060511-210151-996.dll -> Downloader.Zlob.of : Cleaned with backup
C:\HJT\backups\backup-20060511-210211-464.dll -> Downloader.Zlob.of : Cleaned with backup
C:\HJT\backups\backup-20060511-210232-397.dll -> Downloader.Zlob.of : Cleaned with backup
C:\HJT\backups\backup-20060511-221808-123.dll -> Downloader.Zlob.of : Cleaned with backup
C:\HJT\backups\backup-20060511-221816-686.dll -> Downloader.Zlob.of : Cleaned with backup
C:\HJT\backups\backup-20060511-223846-298.dll -> Downloader.Zlob.of : Cleaned with backup
C:\HJT\backups\backup-20060512-064845-855.dll -> Downloader.Zlob.of : Cleaned with backup
C:\HJT\backups\backup-20060512-070220-803.dll -> Downloader.Zlob.of : Cleaned with backup
::Report End
************************
SmitFraudFix v2.44
Scan done at 9:50:43.85, Mon 05/15/2006
Run from C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\shdocsvc.dll Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End
-
Can you find and delete the following files and folder please
c:\x.cab <-file
c:\windows\ss3unstl.exe <-file
c:\windows\system32\config\systemprofile\favorites\ REMOVE SPYWARE.url <-file
c:\program files\MySearch <-folder
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.INF <-this file also, if you have a hard time finding that file
Do the following please, close Explorer
Go to START>>RUN>>copy and paste the following into the open field and hit OK
regsvr32 /u occache.dll
This should make the file visible, now try and find and delete MediaTicketsInstaller.INF
Afterwards, we need to reregister occache.dll
Copy and paste the following into the Run command and hit OK
regsvr32 occache.dll
Let me know if you were able to complete all the above steps
Then we'll just do some final cleanup
Can you also supply me with a Uninstall list from Hijackthis please
Open Hijackthis>>Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST button
Save this list to your desktop then copy and paste back here the whole contents please
-
Okay, I completed everything. I saved the file from HiJack This. You can tell this computer is used for children's games. :-)
Here it is --
"Doras Carnival Adventure (remove only)"
"Nick Video Jigsaw Jam (remove only)"
3D Groove Playback Engine
5 Spots II (remove only)
A Series of Unfortunate Events (remove only)
Active Disk
Ad-Aware SE Personal
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0
Adventures of Bleeposaurus (remove only)
Alphabet Express
Amazing Windows XP Screen Saver 1.2
Anark Client 1.0
Ancient Hearts & Spades
ArcSoft Software Suite
Barbie ® as Princess Bride (tm)
Bleeposaurus 2: Dragonfire (remove only)
Boggle
Bricks of Atlantis
Bursting Bubbles Deluxe (remove only)
Card Classics
CatDog
Centipede
CK Creative Clips and Fonts Sampler
CleanUp!
Compaq Connections
Compaq Instant Support
Compaq Organize
Corel Applications
Danny Phantom Ghost Sweep (remove only)
Disney/Pixar's Buzz Lightyear 2nd Grade
Disney's Mickey Mouse Preschool
Disney's Phonics Quest
Disney's Ready for Math with Pooh
Disney's Toontown Online
Disney's Winnie the Pooh Preschool
Dora Backpack
Dora Knows Your Name
Dora Lost City
Dora the Explorer Screen Saver
Doras Rapido River Rafting Race (remove only)
Doras Star Catching Game (remove only)
Drop Heads (remove only)
Easy Internet Sign-up
EPSON Online Reference Guide
EPSON Printer Software
ewido security suite
EXEtender Player
Express Burn Uninstall
Fairly Odd Parents - Big Super Hero Wish (remove only)
Fairly Odd Parents Information Stupor Highway (remove only)
Fatman Adventures 2 (remove only)
Feeding Frenzy (remove only)
FlavorGraveyard Screen Saver
Gutterball
Halloween Screen Saver
HijackThis 1.99.1
Holiday Snowflakes Screen Saver 1.2
hp deskjet 5100
hp deskjet 5100 series
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Deskjet Series
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PrecisionScan LTX
HP PSC & OfficeJet 3.0
HP Scan-to-Web Wizard
HP Software Update
In A Flash 3
In A Flash Photo 3
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
Internet Explorer Q828750
InterVideo WinDVD Player
IomegaWare 4.0.2
iPod for Windows 2005-10-12
iPod for Windows 2006-03-23
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_09
Jewel Quest
Jimmy Neutron Boy Genius
Jimmy Neutron Invention Revenge (remove only)
JumpStart Learning Games ABC's
JumpStart Numbers
JumpStart Pre-K
JumpStart Typing
Jungle Heart (remove only)
KBD
LiveUpdate 1.7 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Mad Caps (remove only)
Magic Ball 2
Magic Match 1.18
Math 2
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Outlook 2003
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition
Microsoft Works 7.0
Milton Bradley Classic Board Games
MSN Messenger 7.5
MUSICMATCH® Jukebox
My Wal-Mart Digital Photo Center
Need For Speed - Porsche Unleashed
Nero 7 Demo
Nick Blockade (remove only)
NVIDIA GART Driver
Ocean Life 1 Screensaver
Ocean Life 2 Screensaver
Operation
Outlook Express Update Q330994
PacaJuma Quest (remove only)
PagePrintables
Paint Shop Pro 7
Pajama Sam Life is Rough When You Lose Your Stuff
Pajama Sam No Need to Hide When It's Dark Outside
Palm Desktop
Panda ActiveScan
PC-Doctor for Windows
PDO Desktop
Photosmart 140,240,7200,7600,7700,7900 Series
Playhouse Disney's Stanley Wild for Sharks
Print Workshop 2004 LE
PS2
pumpkinpatch ScreenSaver
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
Reader Rabbit Preschool
RealPlayer
RecordNow!
Rhapsody Player Engine
Roll
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scholastic's I SPY School Days
Scholastic's I SPY Spooky Mansion
Scooby-Doo(tm), Phantom of the Knight(tm)
Scrabble (remove only)
Scrabble Blast Deluxe
Scrabble Complete
Scrabble Deluxe
Sega Smash Pack II
Sesame Street Search & Learn Adventures
Snowy - Treasure Hunter (remove only)
Sonic Update Manager
SpamSubtract
SpongeBob SquarePants 3D Pinball Panic (remove only)
SpongeBob SquarePants Collapse! (remove only)
SpongeBob SquarePants Jellyfish Shuffleboard (remove only)
SpongeBob SquarePants Krabby Quest (remove only)
SpongeBob SquarePants Obstacle Odyssey (remove only)
SpongeBob SquarePants Pizza Toss (remove only)
SpongeBob SquarePants® Operation Krabby Patty
Stop the Morbuzakh (remove only)
Stunt Track Driver
Super GameHouse BlackJack
Symantec AntiVirus Client
Talk to Me
Tarzan Activity Center
The Fairly OddParents
The Font Factory
Time Force
Tonka Raceway
Top Ten Solitaire
trickortreaters ScreenSaver
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax ItsDeductible 2005
Ultimate Game Pak
VIA/S3 Display Driver
ViviCam V35
Wal-Mart Music Downloads Store
WeatherBug
WexTech AnswerWorks
Windows Media Format Runtime
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329112
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329909
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811789
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817287
Windows XP Hotfix (SP2) Q817606
Windows XP Winter Fun Pack Screensavers
WinZip
Word Search Deluxe (remove only)
Wordsheets
Yahoo! Companion
Yahtzee
Yu_Gi_Oh!_Monsters_1 Screen Saver
Yu_Gi_Oh!_Time_to_Duel_1 Screen Saver
Zone Deluxe Games
-
Can you do the following, I see you have Ad-Aware installed, that's good, it's a great program
You should also do the following
Download and Install Spybot 1.4 from
HERE (http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button)
or HERE (http://www.safer-networking.org/en/download/index.html)
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED
RESTART the computer to finish any cleaning process
Hold onto Spybot
If you feel everything is running better
Final Cleanup
If everything is running better
We should flush all your restore points to ensure you don't restore any nasties that may be sitting idle
Go to START>>RUN>>In the open field
Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, Go back and take the check out of "Turn off system restore"
This will re-enable the System Restore feature and create a new restore point
Protect yourself against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
Update and do scans with your Anti-Spyware programs on a regular basis
In addition: Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Immunize after every update
+I would opt to hold onto CleanUp! and Ewido
Ewido will become a limited free version after a couple of weeks
Still, a great scanner to update and run on a monthly basis
*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
Make sure you check for updates at least once a month!
you still haven't updated to Service pack 2?
Is there a reason for this?
I would take this opportunity to update
Please see this link:
http://www.microsoft.com/windowsxp/sp2/default.mspx
Take note on that page and read the following
What to know before you download and install
Before updating I would run the disk defragmentor on your computer
START>>All Programs>>Accessories>>System Tools>>Disk Defragmenter
If you haven't run this in a while, it could take a bit of time to finish, let it run uninterrupted
I find it best run in safe mode
Then reboot back to Normal mode and visit Windows Updates!
If you're on dialup, you may choose to order the free CD
There is a link on that page also
NOTE: You have HP's Share-to-Web installed, it's not a bad thing, but there was a Windows update that caused problems with the IE address bar, unable to open some folders, etc...
Not to worry, if you experience any of these problems, post back and we will fix that issue for you
Do Not remove Sp2 because of this!
-
Thanks for all your assistance. Everything seems to be running as it should. I have enabled all the software that you recommended. I have done a defrag and am ready to install the SP2 update. They recommend backing up your data files, so I will do that next. I will post back if I run into any issues. Thanks again for your help!
-
Since these issues appear resolved, I'll lock this topic
Take care