
Messages - RobertN

1
Tech Clinic / Problem removing Spy Axe
« on: December 19, 2005, 06:22:57 AM »
It's strange, because I don't actually see the files on my HD. Maybe Ad-aware removed them since?

2
Tech Clinic / Problem removing Spy Axe
« on: December 16, 2005, 09:04:30 AM »
Panda came back clean!

No viruses or other malicious software have been found!

                   Detected   Disinfected
Virus                  0            0
Spyware                0            0
Hacking Tools          0            0
Dialers                0            0
Security Risks         0            0
Suspicious files       0            0


So unless you see more dodgy stuff left in any of these reports/logs, I think I'm done?


Thanks a lot! :D

cheers,

Rob.

3
Tech Clinic / Problem removing Spy Axe
« on: December 16, 2005, 08:46:18 AM »
Wow! That worked! I don't get the annoying SpyAxe icon in the system tray anymore :)
In the end I had to do something slightly different. As I said, CWShredder was giving me problems so I couldn't use that. win32delfkil.exe went according to plan, as did Fixwareout.exe. The only difference was that when Fixwareout was finished and I had to run HJT, it didn't show all the O#'s you told me to remove.
Then it got interesting, as the computer wouldn't boot in safe mode. I selected safe mode but nothing happened after that; it just showed me a black screen.
In normal mode I found spyaxe in the add/remove programs, and removed it, but not UnSpyPC.
Cleanup! ran fine, SmitRem.exe ran fine and Ewido ran fine.


Here are all the reports/logs. Panda is running now, I'll post that log/report when it's done.


New Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:40:31, on 16-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ewido\ewidoctrl.exe
C:\WINDOWS\system32\RemoteControlService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Mobile Theater\Monitor.exe
C:\Program Files\Mobile Theater\RMC.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Mobile Theater\Monitor.exe
O4 - HKLM\..\Run: [Ulead Remote Control Center] C:\Program Files\Mobile Theater\RMC.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8569771E-4AFA-4FA9-A90F-AB98FC6403D9} (Netcam_mfc_activeX Control) - http://192.168.1.1/netcam_mfc_activeX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~2\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


Ewido report:

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         14:21:57, 16-12-2005
 + Report-Checksum:      B43C53FA

 + Scan result:

   C:\WINDOWS\system32\dmgdh.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\WINDOWS\system32\cswho.exe -> Downloader.Small : Cleaned with backup
   C:\Program Files\Kazaa Lite\supertrick.txt -> Trojan.Bambo.Hosts.A : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP5\A0001640.exe -> Not-A-Virus.NetTool.Win32.PsKill : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP63\A0010047.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP63\A0010054.exe -> Adware.Spyaxe : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP63\A0010063.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010065.dll -> Downloader.Delf.zu : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010072.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010083.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010090.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010096.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010109.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010114.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010159.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010168.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010186.EXE -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010196.EXE -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP64\A0010210.exe -> Adware.Spyaxe : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP65\A0010223.exe -> Adware.Spyaxe : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP65\A0010244.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP65\A0010254.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP65\A0010261.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP65\A0010272.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP65\A0010278.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP65\A0010289.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP65\A0011278.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP65\A0011285.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP66\A0011305.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP66\A0011317.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP66\A0012303.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP66\A0012311.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012402.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012415.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012425.exe -> Downloader.Small : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012430.DLL -> Downloader.Delf.h : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012431.dll -> Downloader.Delf.lh : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012438.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012456.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012478.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012493.exe -> Trojan.DNSChanger.aw : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012501.exe -> Adware.Spyaxe : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012507.exe -> Trojan.Favadd.an : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012509.exe -> Trojan.Qhost.df : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012511.exe -> Spyware.Msnagent : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012512.exe -> Spyware.FindSpy : Cleaned with backup
   C:\System Volume Information\_restore{DAD3CB68-32D3-4EFC-A843-746CDFF2847D}\RP69\A0012527.DLL -> Adware.Spyaxe : Cleaned with backup


::Report End


Smitfile.txt:


   smitRem © log file
     version 2.8

     by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: 16-12-2005
The current time is: 14:05:44.65

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~

ioctrl.dll
1024 dir
ncompat.tlb
mscornet.exe
logfiles


 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 2660 'explorer.exe'
Killing PID 2660 'explorer.exe'

Starting registry repairs

Deleting files


   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Miscellaneous Files/folders ~~~




 ~~~ Wininet.dll ~~~

 CLEAN! :)


Windelf.txt:

************************
* WIN32DELFKIL LOGFILE *
************************
 
 
BEFORE RUNNING WIN32DELFKIL
***************************
 
File(s) found in Windows directory
----------------------------------
adsldpbe.dll
 
File(s) found in system32 folder
--------------------------------
st3.dll
 
SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
   {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ  Browseui preloader
   {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ  Component Categories cache daemon
   {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} REG_SZ  st3
   {C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} REG_SZ  Windows Update
 
Notify key
----------
subkey st3   is present!  
 
 
 
AFTER RUNNING WIN32DELFKIL
**************************
 
File(s) found in Windows directory
----------------------------------
 
File(s) found in system32 folder
--------------------------------
 
SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
   {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ  Browseui preloader
   {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ  Component Categories cache daemon
   {C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F} REG_SZ  Windows Update
 
Notify key
----------

Fixwareout:

 
Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please
 
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\ritmd
 
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
 
»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSWHO.EXE
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
C:\WINDOWS\SYSTEM32\DMTIR.EXE
 
»»»»» Misc files
 
»»»»» Checking for older varients covered by the Rem3 tool

4
Tech Clinic / Problem removing Spy Axe
« on: December 15, 2005, 05:49:22 PM »
Hi guestolo,

Whenever I try running CWShredder.exe and click on Fix, it starts checking stuff, but then after about 10 seconds the blue screen of death comes and it restarts the computer... I would continue with the rest and skip CWShredder, but I'm checking with you first.


Any ideas?


Rob.

5
Tech Clinic / Problem removing Spy Axe
« on: December 14, 2005, 07:42:48 AM »
Hi,


I seem to have spy axe and have tried removing it with Ad-Aware and Search & Destroy as well as trying several other suggestions on forums such as this.

Here's my HJT log, please help! Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 13:34:02, on 14-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Ewido\ewidoctrl.exe
C:\WINDOWS\system32\RemoteControlService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Mobile Theater\Monitor.exe
C:\Program Files\Mobile Theater\RMC.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\adsldpbe.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Mobile Theater\Monitor.exe
O4 - HKLM\..\Run: [Ulead Remote Control Center] C:\Program Files\Mobile Theater\RMC.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8569771E-4AFA-4FA9-A90F-AB98FC6403D9} (Netcam_mfc_activeX Control) - http://192.168.1.1/netcam_mfc_activeX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E1E1B43-9D8F-4949-B46D-D5FC3469FBA3}: NameServer = 85.255.114.26,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{24A3CC14-CB0E-4B03-A4D7-92D2AD6F89F5}: NameServer = 85.255.114.26,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{69055B47-DB54-4114-8C32-DC12FE49E399}: NameServer = 85.255.114.26,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BEB0E06-4984-4CB1-9F47-662604C06787}: NameServer = 85.255.114.26,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{949D43AC-4B92-42A4-B1E4-F1E4E9FA19A6}: NameServer = 85.255.114.26,85.255.112.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E1E1B43-9D8F-4949-B46D-D5FC3469FBA3}: NameServer = 85.255.114.26,85.255.112.142
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~2\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
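An added example, not part of this thread and not code from HijackThis or any of the other tools named above: a small Python triage script that parses HJT "Oxx - ..." entry lines, diffs an earlier log against a later one (the way the first and the post-cleanup logs in this thread differ), and flags the entry types that stood out here: statically configured DNS servers outside private ranges (the O17 NameServer lines that vanished after the cleanup), a BHO registered with no friendly name, Run-key names on a watch list, and a Winlogon Notify DLL dropped straight into system32. The sample log text is constructed from a few lines modelled on the logs above, and the watch list and heuristics are assumptions for this example, not rules that ship with HJT.

```python
"""Triage helper for HijackThis (HJT) v1.99 logs: parse the "Oxx - ..." entry
lines, diff an earlier log against a later one, and flag entry types that
commonly point at a browser or DNS hijack.  The heuristics and the watch list
are illustrative assumptions for this example, not rules shipped with HJT."""
import ipaddress
import re

# HJT prints one entry per line as "<section> - <description>"; process-list
# and header lines have no such prefix and are skipped by the parser.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

# Run-key names the thread treats as the rogue product and its companion
# (assumed watch list for this example; extend it from your own sources).
WATCHED_RUN_NAMES = {"spyaxe", "unspypc"}

# Constructed sample logs: a handful of lines in HJT's format, modelled on the
# entries in the thread's logs (not the full logs).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\SpyAxe\spyaxe.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E1E1B43-9D8F-4949-B46D-D5FC3469FBA3}: NameServer = 85.255.114.26,85.255.112.142
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
"""

AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
"""


def parse_hjt(text):
    """Return the HJT entries in text as (section, body) tuples, in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Entries only in the earlier log (removed) and only in the later one (added)."""
    before, after = set(parse_hjt(before_text)), set(parse_hjt(after_text))
    return sorted(before - after), sorted(after - before)


def _public_dns_servers(body):
    """Addresses after 'NameServer =' that fall outside private/loopback ranges."""
    public = []
    for raw in body.split("=", 1)[1].split(","):
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue
        if not (ip.is_private or ip.is_loopback):
            public.append(str(ip))
    return public


def flag_entries(entries):
    """Return (entry, reason) pairs for entries worth a closer look.
    These are triage hints, not verdicts: a deliberately configured public DNS
    server or a vendor DLL installed into system32 will be flagged as well."""
    flagged = []
    for section, body in entries:
        if section == "O17" and "NameServer" in body:
            public = _public_dns_servers(body)
            if public:
                flagged.append(((section, body), "static DNS servers outside private ranges: " + ", ".join(public)))
        elif section == "O2":
            # HJT prints the DLL path where the friendly name would be when the
            # BHO registers none; legitimate helpers almost always carry a name.
            name = body.split(" - ", 1)[0]
            if name.lower().endswith(".dll"):
                flagged.append(((section, body), "BHO registered without a friendly name"))
        elif section == "O4":
            m = re.search(r"\[([^\]]+)\]", body)
            if m and m.group(1).lower() in WATCHED_RUN_NAMES:
                flagged.append(((section, body), "autorun entry for watched name " + m.group(1)))
        elif section == "O20" and "Winlogon Notify" in body:
            # Notify DLLs load into winlogon.exe at logon; vendor ones normally
            # live under their product directory, so one sitting directly in
            # system32 is worth checking (heuristic, see the docstring).
            dll = body.rsplit(" - ", 1)[-1].lower()
            if dll.startswith("c:\\windows\\system32\\"):
                flagged.append(((section, body), "Winlogon Notify DLL located directly in system32"))
    return flagged


def triage(before_text, after_text):
    """What a helper would post back: entries that disappeared between the two
    logs, entries that appeared, and anything in the later log still flagged."""
    removed, added = diff_logs(before_text, after_text)
    return {"removed": removed, "added": added,
            "still_flagged": flag_entries(parse_hjt(after_text))}


if __name__ == "__main__":
    report = triage(BEFORE_LOG, AFTER_LOG)
    for section, body in report["removed"]:
        print("removed:", section, body)
    for entry, reason in flag_entries(parse_hjt(BEFORE_LOG)):
        print("flagged in earlier log:", entry[0], "->", reason)
    print("still flagged after cleanup:", len(report["still_flagged"]))
```

Run as-is it reports the five suspicious entries in the constructed "before" log, all five gone in the "after" log, and nothing left flagged. The diff is a plain set difference on the entry text, so a renamed or moved file shows up as one removal plus one addition, which is exactly what a helper wants to see when comparing a fresh log against the previous one.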
