Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Unstoppable popups


Post by Bob4 » August 13th, 2006, 4:05 pm

Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}\Update.exe



Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).


If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.





Back up the registry
_________________________________
Go to Start > Run
Type:
    regedit
Click OK.

  • On the left side, click to highlight My Computer at the top.
  • Go up to "File > Export"
      Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.





Next
__________________________________

Open Notepad and copy the text in the box exactly into Notepad.

Code:
REGEDIT4 

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] 



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.



Then click on the FILE menu and select save as
Save the file as regfix.reg. Save the file to the desktop.
IMPORTANT: make sure to save the file as "all types" and NOT as a text file.

Now double-click the file on the desktop.
When asked if you want this to merge with the registry, click YES!


___________________________________
Search for and remove
Now I want you to search for and delete the following folder and all its contents if present. If you need help finding them,
click Start / Search / All files and folders and look for More advanced options. Once in there, select the first 3 boxes.
Please just remove the files/folders I listed in BOLD.

C:\Program Files\Common Files\{BCFB2313-0AE9-1033-0126-040218200001}

Post a new log. Hopefully we are done. I will let you know.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Hijack log

Post by Eagledunk » August 13th, 2006, 11:00 pm

Thank you! Here ya go.

Log


Logfile of HijackThis v1.99.1
Scan saved at 10:54:08 PM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/i ... downls.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/ ... ontrol.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Post by Bob4 » August 14th, 2006, 6:46 am

____________________________
Your Java is out of date; it is a security risk. Let's update it. Click here to update.
You will have to accept the terms, then download Java Runtime Environment (JRE) 5.0 Update 8. Allow it access to the net if any of your software asks about it.

When you're finished, go to Start / Control Panel / Add/Remove Programs and uninstall the older version.
The newest version is J2SE Runtime Environment 5.0 Update 8. Leave that one and uninstall any other update version.





Great news!

Your log now appears to be clean.

Let's do a few things to tidy up.
Please do these in the order I suggest!


___________________________________
If we have set your computer to see all files and folders we must reprotect them.

UNDO SHOW ALL FILES
click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Deselect the checkbox labeled Display the contents of system folders.
Deselect the checkbox labeled Show hidden files and folders.
Select the checkbox labeled Hide file extensions for known file types.
Replace the checkmark in the checkbox labeled Hide protected operating system files.
Press the Apply button and then OK.
Now many important files are safe.


___________________________________
Download and install CCleaner from here.
NOTE: Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. If you do NOT want it, REMOVE the checkmark when provided with the option.

If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.


Now open the program and click on Run Cleaner
( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).

You may opt out of cleaning cookies. If you clean them, all you will have to do is retype names and passwords for places you visit on the net 1 time.
I clean all my cookies out from time to time. It's not that big a deal if you remember passwords.


___________________________________
Please create a 'clean' System Restore Point:
The reason for doing this is in case you need system restore you don't put back all we just took out.
Right-click My Computer
Then Properties, then System Restore
Place a check mark by Turn off System Restore
Click APPLY
Windows will give you a warning; click Yes
REBOOT

Now go right back to the same place and uncheck Turn off System Restore
Click APPLY and OK





___________________________________
A few things to help with possible threats
SpywareBlaster

Install SpywareBlaster

SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs.
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.


______________________________
SiteHound

http://www.firetrust.com/firetrustsitehound.html

This toolbar will help protect you from:

Over 4,000 fake bank and credit sites.
Tens of thousands of pornographic and adult sites.
The never-ending fake phishing sites.
Malicious sites, which can infect you with spyware and adware if you visit them.
Sites to download software which may infect your computer with spyware, a virus or adware.


___________________________________
Download and keep these updated and run weekly if you don't already have them.

Adaware
Tutorial

Spybot Search & Destroy
Tutorial




___________________________________
Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from connecting to malware and spyware sites by redirecting the connection request to 127.0.0.1, which is your local address. If you use a proxy server, or if you are on AOL, be sure to read the special instructions.
You can download the MVPS Hosts File and see a HOSTS file tutorial here:
This website also contains useful tips, and links to other resources and utilities.


___________________________________
Make your Internet Explorer more secure
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click on the Security tab
3. Click the Internet icon so it becomes highlighted.
4. Click on Default Level and click Ok
5. Click on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

6. Next press the Apply button and then the OK to exit the Internet Properties page.



___________________________________
Keep windows updated here

___________________________________
You can read about a lot safer surfing here


___________________________________
And it goes without saying do not open Email from someone you don't know.

___________________________________
This is how you may have become infected


___________________________________
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints; you do not have to be registered to post. Just find your country room and register your complaint.
The infections you had were Look 2 Me and Qoologic

Safe and Happy Surfing. :)
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
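
The HOSTS-file mechanism described in the post above, as an added example that is not part of the original post or of the MVPS file: a small auditor that lists which names a HOSTS file sends to the local machine and which ones it maps to some other address. The sample file, the `.example` host names and the 203.0.113.10 address are constructed; treating 0.0.0.0 as a blocking address as well as 127.0.0.1 is an assumption based on common blocklist practice.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not taken from any real blocklist).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1      localhost
127.0.0.1      ads.tracker.example popups.adserver.example  # two names, one line
0.0.0.0        spyware-download.example
203.0.113.10   www.bank.example      # maps the name to a non-local address
127.0.0.1      www.bank.example      # later duplicate of the same name
not-an-address broken.example
"""

# Names that legitimately point at the local machine and are not "blocks".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return {hostname: ip_address} for every valid entry in HOSTS text.

    Assumption: when a name appears more than once, the first entry is the
    one the resolver uses, so later duplicates are ignored.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for host in fields[1:]:                  # one line may carry many names
            mapping.setdefault(host.lower().rstrip("."), ip)
    return mapping


def audit_hosts(text):
    """Split entries into (blocked, redirected).

    blocked    -> names sent to the local machine, so the connection goes nowhere
    redirected -> (name, address) pairs that point at some other address and
                  deserve a manual look, because a HOSTS entry overrides DNS
    """
    blocked, redirected = [], []
    for host, ip in sorted(parse_hosts(text).items()):
        if host in LOCAL_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(host)
        else:
            redirected.append((host, str(ip)))
    return blocked, redirected


def override_for(text, hostname):
    """Return the address the HOSTS text assigns to hostname, or None."""
    ip = parse_hosts(text).get(hostname.lower().rstrip("."))
    return None if ip is None else str(ip)


if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked)
    print("review :", redirected)
```
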

Am I safe?

Post by Eagledunk » August 14th, 2006, 5:02 pm

I have done everything. I had a hard time with Java. I got a lot of error messages from Ewido and an Error 1704. An installation for Microsoft.Net framework is currently suspended.....

SO, I am safe though?

Oh, also I can't uninstall Java 2 Runtime SE V.1.4.1_02 - it only wants to install. Also should I uninstall Java Web Start?

THANK YOU!!!
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Post by Bob4 » August 14th, 2006, 8:49 pm

I must apologize. I missed one infection. After this you are clean. I will also post some info for you on fixing java after I see the next log.


______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked

O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe


Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\redistributor.exe

Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).


If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please post another HJT log.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Hijack log

Post by Eagledunk » August 15th, 2006, 7:43 am

I could not find the system32/redistributor.exe using Killbox. I did unhide the files.... still was not there.

HiJack this log

Logfile of HijackThis v1.99.1
Scan saved at 7:41:40 AM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/i ... downls.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/ ... ontrol.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Unread postby Bob4 » August 15th, 2006, 4:47 pm

OK that log is clean. I am sorry I missed that one item. :oops:
You are now able to surf the net safely and do banking, to the best of my knowledge.
Seeing as you do banking online, stop by here every once in a while just to have things checked out. We don't mind. ;)

1704 error: Read from the link below. This may be part of both the 1704 error and the Java problems. But I will tell you that it looks like, in your log, you have the correct version installed. So do not panic over that.
http://www.appdeploy.com/msierrors/detail.asp?id=6


Java web
This is different than Java run time environment. You may keep this program if you use it.

Feel free to post back and let me know of any other issues you may be having.
Last edited by Bob4 on August 15th, 2006, 5:16 pm, edited 1 time in total.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

THANK YOU!!

Unread postby Eagledunk » August 15th, 2006, 5:11 pm

FOR ALL YOUR HELP!! MUCH APPRECIATED! SO GLAD NOT TO HAVE TO SPEND another evening working on it! :D
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

One other ?

Unread postby Eagledunk » August 15th, 2006, 11:03 pm

Now my computer is running PAINFULLY slow. It took Quicken almost 10 minutes just to open. Opening folders takes quite a bit of time. Any idea why? I haven't touched anything since sending the last Hijack log, other than attempting to open Quicken. I wasn't even connected to the internet.

Dd
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Unread postby Bob4 » August 16th, 2006, 3:49 am

As I said in the beginning. This computer was very infected. And we could have no idea what may have been placed on it.

Let's look a bit deeper.



Run a RootkitRevealer Scan
Download RootkitRevealer from here and unzip it to its own directory, such as C:\RKR
With all other windows closed, double-click RootkitRevealer.exe
You may get a warning from your protection systems that a new service is being installed; this will have a random name, and is generated by RootkitRevealer. Allow it please.
Click Scan
Once the scan is complete, click File -> Save... and save the log to your Desktop as rkr.txt


Post that log for me. Along with a new HJT log.


While I look at that log for you, you may also try this.



As far as speeding things up here's what I would do.

If you look at your log, the O4 lines are processes that run at start up. I would Google each file and see whether it is needed at start up or not. Do the same with the O4 lines.
Then go to Start/Run and type in MSconfig. Go to the start up tab and uncheck what I didn't need to run at start up.
Obviously you need your anti virus and firewall running. DO NOT DISABLE THEM!

I'll do one for you.

I googled atiptaxx.exe
from this line

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

Google gave me this link.

http://www.liutilities.com/products/win ... ry/msmsgs/

I choose to look at this link. Which tells me it is not needed to run all the time. I would disable this to help speed things up. Do that for all the O4 lines.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
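The startup review described in the post above, as an added example that is not part of the original post and not HijackThis code: it pulls every O4 entry out of a saved HijackThis log and lists the file name to look up for each one. The function names, the `protected` set (standing in for the anti-virus and firewall entries that must stay enabled) and all sample lines except the MSMSGS one are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample log. The MSMSGS line is the one quoted in the post; every
# other line is made up here in the same HijackThis layout.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\bho.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe" /startup
O4 - HKLM\..\Run: [ExampleUpdater] C:\PROGRA~1\Example\updater.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Example Sync.lnk = C:\Program Files\Example\sync.exe
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
'''

# Registry autoruns:  O4 - HKLM\..\Run: [ValueName] command line
REG_RE = re.compile(r'^O4 - (?P<location>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Startup folders:    O4 - Startup: Shortcut.lnk = target
DIR_RE = re.compile(r'^O4 - (?P<location>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Unquoted command line: take the shortest prefix that ends in a program extension.
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s+(.*))?$', re.I)


def split_command(cmd):
    """Split an autorun command line into (program path, arguments)."""
    cmd = cmd.strip()
    quoted = re.match(r'^"([^"]+)"\s*(.*)$', cmd)
    if quoted:
        return quoted.group(1), quoted.group(2)
    bare = IMAGE_RE.match(cmd)
    if bare:
        return bare.group(1), bare.group(2) or ""
    # No recognisable extension: fall back to the first space.
    image, _, args = cmd.partition(" ")
    return image, args.strip()


def startup_review(log_text, protected=()):
    """Return one row per O4 entry, in log order.

    protected: file names (any case) that the reviewer has identified as
    anti-virus or firewall components; they are marked "keep", everything
    else is marked "research" (look the file name up before unchecking it).
    """
    protected = {p.lower() for p in protected}
    rows = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line) or DIR_RE.match(line)
        if not m:
            continue  # not an O4 line
        image, args = split_command(m.group("cmd"))
        term = ntpath.basename(image).lower()  # Windows path rules on any OS
        rows.append({
            "location": m.group("location"),
            "name": m.group("name"),
            "image": image,
            "args": args,
            "search_term": term,
            "action": "keep" if term in protected else "research",
        })
    return rows


if __name__ == "__main__":
    for row in startup_review(SAMPLE_LOG, protected={"avtray.exe"}):
        print("{action:<9} {search_term:<14} {location:<15} [{name}]".format(**row))
```
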

Hijack & rkr log

Unread postby Eagledunk » August 16th, 2006, 10:10 pm

Thanks! Here are the logs. Can I remove Ewido? That seems to slow things down.

RKR
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 8/16/2006 9:51 PM 80 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Debbie Duncan\Local Settings\Temporary Internet Files\Content.IE5\69O33QO1\ping_tssm[1].htm 8/16/2006 9:55 PM 5 bytes Visible in Windows API, MFT, but not in directory index.
C:\Documents and Settings\Debbie Duncan\Local Settings\Temporary Internet Files\Content.IE5\AEAIOPGZ\ping_tssm[2].htm 8/16/2006 9:51 PM 5 bytes Visible in Windows API, directory index, but not in MFT.




HIJACK THIS

Logfile of HijackThis v1.99.1
Scan saved at 10:05:06 PM, on 8/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\palmOne\Hotsync.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccomm ... ctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/i ... downls.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/ ... ontrol.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Unread postby Bob4 » August 16th, 2006, 10:38 pm

Those logs look clean also.
Yes. You may remove Ewido if you like. Let me know if that helps.

One more log to try, to see if we missed anything.

Please download WinPFind2.

  • Extract the files to a folder (e.g. C:\WinPFind2).
  • Double-click WinPFind2.exe to start the program.
  • Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens up to by default).
  • Click the Run all Scans button.
  • When it's finished scanning you will see Scans Complete! at the bottom left of the program.
  • Click the Export to Text button.
  • Notepad will open with the results of the scan and the log will be saved to the folder that you extracted the program to (C:\WinPFind2\WinPFind2.txt).
  • Post the log in your next reply please. You may need to split the log over a couple posts so that it doesn't get cut off. If so please use the [Start Post #1] and [Start Post #2] delimiters in the log to split the log up.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

WinPFind

Unread postby Eagledunk » August 18th, 2006, 8:59 pm

I tried to run the scan several times - it kept hanging - not responding message with in the upper left.

Removing Ewido helped A LOT - definitely speeded up my computer.

Dd
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm

Unread postby Bob4 » August 18th, 2006, 9:08 pm

Good, I'm glad to hear that.
Are there any other issues you have?
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

WinPFind

Unread postby Eagledunk » August 18th, 2006, 10:21 pm

I think I am set for now if I don't need to run WinPFind.

Thanks for your help!!
Eagledunk
Regular Member
 
Posts: 23
Joined: August 8th, 2006, 11:58 pm