Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

spytrooper

Post by rovak » December 6th, 2005, 8:23 am

It seems that I'm having trouble with the SpyTrooper, whose icon keeps appearing in my tray. Here's my HiJack file:
Logfile of HijackThis v1.99.1
Scan saved at 13:13:12, on 6.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClientNT.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClient.exe
C:\Finko\bin\fbguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kontiki\bin\kontiki.exe
C:\Program Files\Siemens\Gigaset PC Card 54\GigasetWLANMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Finko\bin\fbserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Xi\NetTransport 2\NetTransport.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\SLAVEN\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hpE166.tmp
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [NetBuster] C:\Documents and Settings\SLAVEN\Desktop\netbuster1_31\NetBuster.exe
O4 - HKLM\..\Run: [Cydoor] CD_Load.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tcomantidialerrun] C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [zdnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s zdnet -q
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Edit with X&ML Spy - C:\Program Files\Altova\XMLSPY2004\spy.htm
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HTnet - {221503E2-0280-4DA0-BA9D-C3DCA8BBAE54} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\q10585220.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DNS4Me Client (DNS4MeClient) - Unknown owner - C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClientNT.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Finko\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Finko\bin\fbserver.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Servers Alive (salive) - Realtek Semiconductor Corporation - (no file)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
rovak
Active Member
 
Posts: 6
Joined: December 6th, 2005, 8:08 am

Post by Perculator » December 6th, 2005, 7:38 pm

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

Now scan with HJT and place a checkmark next to each of the following items:

O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hpE166.tmp

O4 - HKLM\..\Run: [Cydoor] CD_Load.exe

Now click Fix checked
and close HijackThis.


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows

Make and post a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands
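
A check a helper could run on the two HijackThis logs in this thread to confirm that the entries marked for fixing are gone and to see what else changed. This is an added example, not part of the original posts; the function names are hypothetical, and the sample logs are abridged excerpts of the two logs posted here.

```python
import re

# HijackThis entry lines start with a section code (R0, O2, O4, O23, ...)
# followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(log_text):
    """Return (processes, entries) parsed from a HijackThis log.

    processes: set of lower-cased paths from the "Running processes:" block
    entries:   set of (code, body) tuples for the R*/O* lines
    """
    processes, entries = set(), set()
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.add((m.group("code"), m.group("body")))
        elif in_processes:
            if line:
                processes.add(line.lower())
            else:
                in_processes = False  # a blank line ends the process block
    return processes, entries


def diff_logs(before, after):
    """Compare two logs and report what disappeared and what is new."""
    b_proc, b_ent = parse_hjt(before)
    a_proc, a_ent = parse_hjt(after)
    return {
        "entries_removed": sorted(b_ent - a_ent),
        "entries_added": sorted(a_ent - b_ent),
        "processes_gone": sorted(b_proc - a_proc),
        "processes_new": sorted(a_proc - b_proc),
    }


def still_present(log_text, fixed_lines):
    """Return the fix-list lines that still appear in the given log."""
    _, entries = parse_hjt(log_text)
    remaining = []
    for line in fixed_lines:
        m = ENTRY_RE.match(line.strip())
        if m and (m.group("code"), m.group("body")) in entries:
            remaining.append(line.strip())
    return remaining


def dangling(log_text):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    _, entries = parse_hjt(log_text)
    return sorted(e for e in entries
                  if "(file missing)" in e[1] or "(no file)" in e[1])


# Abridged excerpt of the first log in this thread (6.12.2005).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 13:13:12, on 6.12.2005

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\BearShare\BearShare.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hpE166.tmp
O4 - HKLM\..\Run: [Cydoor] CD_Load.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: st3 - C:\WINDOWS\q10585220.dll (file missing)
"""

# Abridged excerpt of the follow-up log in this thread (7.12.2005).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:47:21, on 7.12.2005

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\BearShare\BearShare.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: st3 - C:\WINDOWS\q10585220.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""

# The two items the helper asked to check and fix.
FIX_LIST = [
    r"O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hpE166.tmp",
    r"O4 - HKLM\..\Run: [Cydoor] CD_Load.exe",
]

if __name__ == "__main__":
    print("not yet fixed:", still_present(AFTER, FIX_LIST))
    for key, items in diff_logs(BEFORE, AFTER).items():
        print(key)
        for item in items:
            print("   ", item)
    print("dangling:", dangling(AFTER))
```

Entries flagged by `dangling` are leftovers rather than live threats, but they are worth reviewing in the follow-up log because they show where a removed component was registered.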

Post by rovak » December 7th, 2005, 9:55 am

Everything seems to be running OK. I just have one question: when I started Windows in safe mode I had to choose between my user account, which is the only one on my computer, and the administrator's one. I don't know if it's normal. Any suggestions on the use of BearShare, whose spyware Ewido could not delete?
Here are the logfiles:
Logfile of HijackThis v1.99.1
Scan saved at 14:47:21, on 7.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClientNT.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClient.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Finko\bin\fbguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kontiki\bin\kontiki.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Siemens\Gigaset PC Card 54\GigasetWLANMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Finko\bin\fbserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SLAVEN\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [NetBuster] C:\Documents and Settings\SLAVEN\Desktop\netbuster1_31\NetBuster.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tcomantidialerrun] C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [zdnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s zdnet -q
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Edit with X&ML Spy - C:\Program Files\Altova\XMLSPY2004\spy.htm
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HTnet - {221503E2-0280-4DA0-BA9D-C3DCA8BBAE54} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\q10585220.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DNS4Me Client (DNS4MeClient) - Unknown owner - C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClientNT.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Finko\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Finko\bin\fbserver.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Servers Alive (salive) - Realtek Semiconductor Corporation - (no file)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:53:06, 7.12.2005
+ Report-Checksum: 77F0C44A

+ Scan result:

C:\Program Files\BearShare\Installer\saveinstwm.exe/Weather.exe -> Adware.SaveNow : Ignored
C:\Program Files\Common Files\Sony Shared\Visualizer\ExlGen.dll -> Dialer.Generic : Ignored
C:\Program Files\Evrsoft\1st Page 2000\IScripts\Buttons\Six buttons from hell.izs -> Trojan.Loop : Ignored
HKU\S-1-5-21-3588590466-2801439982-1300003180-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F} -> Spyware.RapidBlaster : Cleaned with backup
HKU\S-1-5-21-3588590466-2801439982-1300003180-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-3588590466-2801439982-1300003180-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
C:\!KillBox\mssearchnet.exe -> Downloader.Zlob.by : Cleaned with backup
:mozilla.6:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.7:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.8:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.10:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.14:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.15:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.16:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.19:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.24:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.36:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.54:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.56:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.57:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.73:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.74:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.83:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.84:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.92:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.115:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.125:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.135:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.136:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.186:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.212:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.213:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.233:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.234:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.235:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.236:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.270:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.271:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.356:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.358:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.366:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.397:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.404:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.405:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.406:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.407:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.29:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.30:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.31:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.55:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.58:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.76:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.77:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.90:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.93:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.94:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.151:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.154:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.155:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.156:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.157:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.162:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.163:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.164:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.167:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.192:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.205:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.206:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.207:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.216:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.217:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.218:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.219:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.220:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.247:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.248:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.281:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.282:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.284:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.285:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.286:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.287:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.288:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.289:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.290:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.293:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.295:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.297:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Ad-flow : Cleaned with backup
:mozilla.299:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.300:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\default\eycj5h9t.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.31:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.35:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.85:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.86:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.94:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.95:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.100:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.108:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.110:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.112:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.113:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.122:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.132:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.133:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.134:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.135:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.138:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.139:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.147:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.151:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.156:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.157:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.165:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.166:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.173:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.221:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.231:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.232:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.233:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.234:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.243:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.257:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.258:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.259:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.261:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.281:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.284:C:\Documents and Settings\SLAVEN\Application Data\Phoenix\Profiles\Default User\rndwpsvf.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\BearShare\Installer\saveinstwm.exe/Uninst.exe -> Adware.SaveNow : Error during cleaning
C:\Program Files\BearShare\Installer\saveinstwm.exe/Weather.exe -> Adware.SaveNow : Error during cleaning
C:\Program Files\BearShare\Installer\saveinstwm.exe/Uninst.exe -> Adware.SaveNow : Error during cleaning


::Report End




smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: sri 07.12.2005
The current time is: 9:14:50,41

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Take It Here - Daily Updated Porn Links.url
Take It Here - Daily Updated Porn Links.url
Free XXX Sites List.url
Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 756 'explorer.exe'
Killing PID 756 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)



Thank You very much!
rovak
Active Member
 
Posts: 6
Joined: December 6th, 2005, 8:08 am

Unread postby Perculator » December 9th, 2005, 6:12 pm

Will reply to you on Saturday afternoon.
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

Unread postby Perculator » December 10th, 2005, 1:10 pm

Everything seems to be running OK. I just have one question: when I started Windows in safe mode I had to choose between my user account, which is the only one on my computer, and the administrator's one. I don't know if it's normal.


That's normal, do not worry :lol:

You'd better uninstall if still installed. I know a spyware-free version for you to download; I'll give the link when you are all clean.


Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c:\windelf.txt, along with a new HijackThis log.
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

Unread postby rovak » December 11th, 2005, 5:24 pm

Since I used all the problems I've had many crashes. When I sent the error report to Microsoft, they said that the problem was with some driver and the other time with some viruses. I've uninstalled BearShare, maybe it was causing the problems, and here are the reports of the scan:

************************
* WIN32DELFKIL LOGFILE *
************************


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------
st3.dll

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} REG_SZ st3

Notify key
----------
subkey st3 is present!



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------

SharedTaskScheduler key
-----------------------

SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

Notify key
----------


Logfile of HijackThis v1.99.1
Scan saved at 22:14:26, on 11.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClientNT.exe
C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClient.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Finko\bin\fbguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Finko\bin\fbserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kontiki\bin\kontiki.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Siemens\Gigaset PC Card 54\GigasetWLANMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\SLAVEN\Desktop\HijackThis.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [NetBuster] C:\Documents and Settings\SLAVEN\Desktop\netbuster1_31\NetBuster.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tcomantidialerrun] C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [zdnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s zdnet -q
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Edit with X&ML Spy - C:\Program Files\Altova\XMLSPY2004\spy.htm
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HTnet - {221503E2-0280-4DA0-BA9D-C3DCA8BBAE54} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/d ... se2213.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DNS4Me Client (DNS4MeClient) - Unknown owner - C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClientNT.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Finko\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Finko\bin\fbserver.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Servers Alive (salive) - Realtek Semiconductor Corporation - (no file)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
rovak
Active Member
 
Posts: 6
Joined: December 6th, 2005, 8:08 am

Post by Perculator » December 12th, 2005, 6:00 pm

Just a little question:
do you use this program yourself?

O4 - HKLM\..\Run: [NetBuster] C:\Documents and Settings\SLAVEN\Desktop\netbuster1_31\NetBuster.exe
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

Post by rovak » December 12th, 2005, 6:23 pm

Yes I do. Recommended program from my internet provider to help fight trojans. Since I uninstalled Bearshare the crashes have stopped.
rovak
Active Member
 
Posts: 6
Joined: December 6th, 2005, 8:08 am

Post by Perculator » December 15th, 2005, 3:25 pm

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
And update it! But do not use it now.

Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.


Start HijackThis and put a check at the following lines if still present:

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Now click Fix checked
and close HijackThis.


Remove this folder if still present:

C:\Program Files\BearShare


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido


Reboot back into Windows normal mode and show me
a fresh HijackThis log
along with the report of ewido.



How is your computer now?
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

Post by rovak » December 16th, 2005, 9:53 am

I've done all requested. I hope that everything's all right now.
Here are the reports:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:50:54, 16.12.2005
+ Report-Checksum: 1CB8885A

+ Scan result:

C:\Program Files\Common Files\Sony Shared\Visualizer\ExlGen.dll -> Dialer.Generic : Ignored
:mozilla.11:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.28:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.67:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.68:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.69:C:\Documents and Settings\SLAVEN\Application Data\Mozilla\Firefox\Profiles\btc6fi5v.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@counter11.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@counter15.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@counter2.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@ehg-playboy.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@ehg-suite101.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@hotlog[1].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@internetorderllc.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@msnservices.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@programs.wegcash[1].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@spylog[2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@vitacost.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
C:\Documents and Settings\SLAVEN\Cookies\slaven@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End




Logfile of HijackThis v1.99.1
Scan saved at 14:51:25, on 16.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClientNT.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClient.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Finko\bin\fbguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Documents and Settings\SLAVEN\Desktop\netbuster1_31\NetBuster.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Kontiki\bin\kontiki.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Siemens\Gigaset PC Card 54\GigasetWLANMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Finko\bin\fbserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Documents and Settings\SLAVEN\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [NetBuster] C:\Documents and Settings\SLAVEN\Desktop\netbuster1_31\NetBuster.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tcomantidialerrun] C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [zdnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s zdnet -q
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Edit with X&ML Spy - C:\Program Files\Altova\XMLSPY2004\spy.htm
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSPY2004\spy.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HTnet - {221503E2-0280-4DA0-BA9D-C3DCA8BBAE54} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/d ... se2213.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ECB61B9-9C9D-494A-9C2F-868524C0426F}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DNS4Me Client (DNS4MeClient) - Unknown owner - C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClientNT.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Finko\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Finko\bin\fbserver.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Servers Alive (salive) - Realtek Semiconductor Corporation - (no file)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
rovak
Active Member
 
Posts: 6
Joined: December 6th, 2005, 8:08 am
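
A way to triage a HijackThis log like the one above, as an added example that is not part of the original thread: it parses the `code - detail` entry lines, reports entries whose target file is gone, and reports O4 autoruns that start from a user profile folder or without a full path. The heuristics, the `USER_PROFILE` marker (Windows XP layout) and all function names are assumptions of this example; a finding is a prompt to ask the owner about the entry, not a verdict.

```python
import re
from collections import namedtuple

# Lines copied from the 16.12.2005 HijackThis log in the post above (subset).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:51:25, on 16.12.2005
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NetBuster] C:\Documents and Settings\SLAVEN\Desktop\netbuster1_31\NetBuster.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Servers Alive (salive) - Realtek Semiconductor Corporation - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

Entry = namedtuple("Entry", "code detail")

# Entry lines start with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 registry autorun:  HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\[^:]+: \[(.*?)\] (.*)$")
# O4 startup-folder autorun:  Startup: shortcut.lnk = target
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (.*?) = (.*)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|dll))(?:\s|$)", re.I)

USER_PROFILE = "\\documents and settings\\"   # assumption: Windows XP profile root

ORPHANED = "target file not on disk"
PROFILE_AUTORUN = "autorun from a user profile folder"
NO_FULL_PATH = "autorun without a full path"


def parse_entries(log_text):
    """Return the entry lines of a log, skipping header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def autorun_target(detail):
    """Return (name, executable) for an O4 detail string, or None."""
    m = RUN_RE.match(detail) or STARTUP_RE.match(detail)
    if not m:
        return None
    name, command = m.group(1), m.group(2).strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        m2 = EXE_RE.match(command)
        exe = m2.group(1) if m2 else command.split(" ", 1)[0]
    return name, exe


def triage(log_text):
    """Return (code, reason, subject) tuples for entries worth a question."""
    findings = []
    for e in parse_entries(log_text):
        if "(file missing)" in e.detail or "(no file)" in e.detail:
            findings.append((e.code, ORPHANED, e.detail))
        if e.code != "O4":
            continue
        target = autorun_target(e.detail)
        if target is None:
            continue
        name, exe = target
        if USER_PROFILE in exe.lower():
            findings.append((e.code, PROFILE_AUTORUN, name))
        elif "\\" not in exe and "/" not in exe and exe != "?":
            findings.append((e.code, NO_FULL_PATH, name))
    return findings


if __name__ == "__main__":
    for code, reason, subject in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {subject}")
```
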

Post by Perculator » December 18th, 2005, 4:44 pm

Log looks clean... great job!

Please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.

  3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  4. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Please take time to read the following article

How did I get infected in the first place?

Good luck
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

thanks

Post by rovak » December 18th, 2005, 6:57 pm

Thank you very much. I hate to bother You again, but You promised me a link to a spyware-free Bearshare.

Thanks again :D
rovak
Active Member
 
Posts: 6
Joined: December 6th, 2005, 8:08 am

Post by Perculator » December 18th, 2005, 6:58 pm

Yes, you are right, I'm searching now... don't leave ;)
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

Post by Perculator » December 18th, 2005, 6:59 pm

Bearshare Lite 5.2.0

Q. What is the difference between BearShare Lite and the other versions?

BearShare Lite's main feature is the complete absence of third-party software of any kind. The other two versions are either sponsored or available by paid subscription.
Perculator
Regular Member
 
Posts: 470
Joined: March 30th, 2005, 4:55 pm
Location: netherlands

Post by NonSuch » December 22nd, 2005, 2:03 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California