TROJAN-SPY.HTML.SNITFRAUD.C; please help me destroy this &$*#@

First I thank all of you who give your time to help others, when they hit something they cannot fix using elbow grease and determination to find a solution. I have not yet seen a PayPal donation logo on site yet, but if one is here, I WILL find it. Thanks again.

BSOD ERROR MESSAGE:
FATAL ERROR IN 'I E' HAS OCCURED AT 0028:C0011E36 IN VXD VMM(1)+00010E36 ERROR WAS CAUSED BY TROJAN-SPY.HTML.SNITFRAUD.C

If you need any more info, let me know. Here is log; BTW, tried the remove process by shadow2018, but like chia, none of the files he listed were found on my PC.
Logfile of HijackThis v1.99.1
Scan saved at 1:11:08 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rlmukj.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\WINDOWS\system32\wintask.exe
C:\WINDOWS\system32\flopro32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Information Update\iu.exe
C:\WINDOWS\system32\exp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\finpm13n.exe
C:\Program Files\Cas\Client\casclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CashBack\bin\cashback.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\BullsEye Network\bin\bargains.exe
D:\hijackthis\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cdcovers.cc/dvd_s.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rlmukj.exe reg_run
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitepls32.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [u38X38P] flopro32.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\system32\PSof1.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Information Update] C:\Program Files\Information Update\iu.exe
O4 - HKLM\..\Run: [fylqhc] c:\windows\system32\jrnezxg.exe r
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [f0r7RUj5W] finpm13n.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Allow Popups - C:\Program Files\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.torrent-damage.net
O15 - Trusted Zone: http://www.torrentreactor.to
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Thank you

Comments

  • Buckeye_Sam Columbus, Ohio
    edited Jul 2005
    You've got a very busy log there with numerous infections. Smitfraud is the one giving you that error and probably the worst of the bunch right now.

    You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

    Please download smitRem.zip and save it to your desktop.
    Right click on the file and extract it to its own folder on the desktop.

    Please download, install, and update the free version of Ewido Security Suite:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main Ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes, the status bar at the bottom will display "Update successful"
    5. Exit Ewido. DO NOT run a scan yet.

    If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
    Ad-Aware SE Setup
    Again, do NOT run a scan yet.


    Next, please reboot your computer in Safe Mode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

    Now scan with HJT and place a checkmark next to each of the following items:

    ===================================================


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cdcovers.cc/dvd_s.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)



    ===================================================

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
    Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

    Next, run Ad-aware and perform a full scan. Remove everything found.

    Now open Ewido Security Suite
    • Click on Scanner
    • Make sure the following boxes are checked before scanning:
      • Binder
      • Crypter
      • Archives
    • Click on Start Scan
    • Let the program scan the machine

    While the scan is in progress you will be prompted to clean files, click OK
    Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save Report
    • Save the report to your desktop
    • Close Ewido
    Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Website -> Uncheck "Security Info" if present.


    Restart your computer in normal mode.

    Run Panda's online virus scan and perform a full system scan. Make sure the Autoclean box is checked!

    Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.
    Let us know if any problems persist.
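
Added example, not part of the original thread: once the follow-up HijackThis log requested above arrives, a useful first check is which entries from the first log are gone, which persist, and which autorun values kept their name but now point at a different file. The Python below diffs two logs and re-joins entries that a forum paste has wrapped onto a second line; the sample lines are excerpted from the two logs in this thread, and the function names are this example's own.

```python
import re

# A HijackThis entry starts with a section code (R0, O4, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 registry autoruns look like: HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\]\s*(.*)$")
SEPARATOR_RE = re.compile(r"^[=\-]{5,}$")

# Sample input: lines excerpted from the first log posted in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\flopro32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [u38X38P] flopro32.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [f0r7RUj5W] finpm13n.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
"""

# Sample input: lines excerpted from the follow-up log, including two entries
# that the paste wrapped onto a second line.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [u38X38P] unirov.exe
O4 - HKCU\..\Run: [f0r7RUj5W] mlatmled.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://www.pandasoftware.com/activescan/as5/asinst.cab
=========================================================
Ewido
"""


def parse_entries(log_text):
    """Return {(section, label): value} for every entry in a HijackThis log.

    For O4 registry autoruns the label is "hive [value name]" and the value is
    the command line, so a renamed target shows up as a change. For every other
    entry the label and the value are both the full entry text.
    """
    raw = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if SEPARATOR_RE.match(line):
            if raw:
                break  # a ruler after the entries ends the pasted log
            continue
        m = ENTRY_RE.match(line)
        if m:
            raw.append([m.group(1), m.group(2)])
        elif raw:
            # Wrapped tail of the previous entry (assumes the wrap fell on a space).
            raw[-1][1] += " " + line
        # Otherwise: header or "Running processes" line before the first entry.
    entries = {}
    for section, text in raw:
        o4 = O4_RE.match(text) if section == "O4" else None
        if o4:
            entries[(section, o4.group(1) + " [" + o4.group(2) + "]")] = o4.group(3)
        else:
            entries[(section, text)] = text
    return entries


def compare_logs(before_text, after_text):
    """Classify entries as removed, added, changed or kept between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    result = {"removed": [], "added": [], "changed": [], "kept": []}
    for key, old in before.items():
        if key not in after:
            result["removed"].append(key)
        elif after[key].lower() != old.lower():
            result["changed"].append((key, old, after[key]))
        else:
            result["kept"].append(key)
    result["added"] = [key for key in after if key not in before]
    return result


if __name__ == "__main__":
    diff = compare_logs(BEFORE_LOG, AFTER_LOG)
    for key, old, new in diff["changed"]:
        print("CHANGED", key[0], key[1], ":", old, "->", new)
    for status in ("removed", "kept", "added"):
        for section, label in diff[status]:
            print(status.upper(), section, label)
```

On these excerpts the two randomly named Run values come back as changed rather than removed, which is the kind of entry worth a second look before calling the machine clean.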
  • edited Jul 2005
    scorch269 scorch269@hotmail.com
    Guess I'm too long. Will break response in half.
    First, I thank you. And maybe apologize. Between the time I posted my hijack log, and the astonishingly short time it took to receive a reply, I had run both Ad-aware SE 1.06 Professional, and Spybot, counter to After beginning the instructions sent to me.
    I'm fearful this has led to inaccurate information. The REASONS:
    1. None of the files listed on instructions were available to be checked off;
    2. the nearest being: R3 - URLSearchHook: (no name) ; on PC it shows up as R3 - - Default URLSearchHook...". The key being it was not an EXACT match with "Default" in it, so I left it. I hope I was right.
    Also, as I watched the scrolling, seen a lot of:
    "Could not find specified file"; and "Access Denied" fly by. Hopefully not contributed to, as it turned out, premature Ad-aware & Spy-bot scans; but I have a feeling I'd have had more interaction with instruction sheet had they been left alone. But hey, I was throwing everything I had at this damn thing, with no effect [read: frustration]; I'm sure you can relate.
    If the early scans DID affect outcome, Please advise. Thank You
    BTW, the activescan's URL did not work as is, but an update to http://www.pandasoftware.com/activescan should do the trick. Also, there doesn't seem to be an AUTOCLEAN box to check anymore. It appears they have gone with the rest: offer free scans, show what you want removed, then try to set the hook and make you pay for the software they are hawking. And, boy, I'll tell ya; the way your directions read, I was fired up to get a virus scan that actually removed a virus. If I'm wrong about this, please let me know. As is, it just seemed to go on forever, much more than the storage I have; and I started again and again it started showing as picking up viruses in about the same place. I'll run HJT as is after the panda scan.
    OK, after reboot I get error message:
    ERROR LOADING C:\WINDOWS\CFGMGR52.DLL
    THAT SPECIFIC MODULE COULD NOT BE FOUND.
    ========================================================
    HJT
    Logfile of HijackThis v1.99.1
    Scan saved at 3:07:36 AM, on 7/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\system32\rlmukj.exe
    C:\Program Files\PopUp Killer\popupkiller.EXE
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Information Update\iu.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\PROGRA~1\DAP\DAP.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Cas\Client\casclient.exe
    C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
    C:\Program Files\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\admin\Desktop\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cdcovers.cc/dvd_s.php
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rlmukj.exe reg_run
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitepls32.exe
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\system32\PSof1.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Information Update] C:\Program Files\Information Update\iu.exe
    O4 - HKLM\..\Run: [fylqhc] c:\windows\system32\jrnezxg.exe r
    O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [u38X38P] unirov.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Popup Ad Filter\PopFilter.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [f0r7RUj5W] mlatmled.exe
    O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Allow Popups - C:\Program Files\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.torrent-damage.net
    O15 - Trusted Zone: http://www.torrentreactor.to
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\security suite\ewidoctrl.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    =========================================================
    Ewido
    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 3:36:06 PM, 7/13/2005
    + Report-Checksum: 86BCC047

    + Scan result:

    HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Error during cleaning
    HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
    C:\Documents and Settings\admin\Cookies\admin@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\admin\Cookies\admin@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
    C:\Documents and Settings\admin\Cookies\admin@linkbuddies[1].txt -> Spyware.Cookie.Linkbuddies : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\100.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\10385.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\10863.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\11270.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\11561.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\11652.exe -> TrojanDownloader.Small.alr : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\12001.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\12290.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\12966.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\13244.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\13245.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\13391.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\13523.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\13607.exe -> TrojanDownloader.Small.alr : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\1425.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\1434.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\14951.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\15023.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\15846.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\1627.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\16757.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\17.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\17486.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\17703.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\17854.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\18.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\18413.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\18791.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\19.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\19508.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\19891.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\1996.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\20015.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\20886.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\2206.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\22927.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\23050.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\23146.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\23554.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\23727.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\24296.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\25220.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\26.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\26727.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\27675.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\27929.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\28112.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\28443.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\28530.exe -> TrojanDownloader.Small.alr : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\28643.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\29032.exe -> TrojanDownloader.Small.alr : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\29788.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\29955.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\30531.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\31186.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\31216.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\31503.exe -> TrojanDownloader.Small.alr : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\32298.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\4185.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\5118.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\5382.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\5453.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\5668.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\582.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\5882.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\5C.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\5D.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\5E.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\5F.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\60.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\6623.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\6903.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\7008.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\7053.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\76.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\7A.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\8192.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\8740.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\8916.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\9753.exe -> Trojan.P2E.br : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\B.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\C1D.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\C36.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\C37.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\C38.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\DelC3.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\DelCD.tmp -> Heuristic.Win32.Hijacker1 : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar.jj : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\temp.fr4DC9 -> Trojan.Pakes : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\temp.fr6362\istsvc.exe -> TrojanDownloader.IstBar : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\temp.fr70B8 -> TrojanDownloader.Intexp.c : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\temp.fr9911 -> Trojan.Pakes : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\temp.frA2F0\MediaAccess.exe -> Spyware.WinAD : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temp\temp.frF040\istsvc.exe -> TrojanDownloader.IstBar : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\90LCDZQE\abiuninst[1].exe -> Adware.BetterInternet : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\90LCDZQE\Poller[1].exe -> Adware.BetterInternet : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\HKBBJHKS\AuroraHandler[1].dll -> Adware.BetterInternet : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\NQ9JNHX1\svcproc[1].exe -> Adware.BetterInternet : Cleaned with backup
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\YX4TSZKR\Nail[1].exe -> Adware.BetterInternet : Cleaned with backup
    C:\DOWNLOADS\protector.exe -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\Program Files\Aprps\CxtPls.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
    C:\Program Files\CasStub\casstub.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
    C:\Program Files\MultiShrink\MultiShrink 1.4.exe -> Trojan.LowZones.by : Cleaned with backup
    C:\RECYCLER\S-1-5-21-299502267-162531612-725345543-1003\Dd24.com)\dki.exe -> TrojanDownloader.INService : Cleaned with backup
    C:\WINDOWS\awedbqfj.exe -> Spyware.BookedSpace : Cleaned with backup
    C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
    C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
    C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
    C:\WINDOWS\system32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
    C:\WINDOWS\system32\elitepls32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\WINDOWS\system32\Glamud.exe -> Spyware.DealHelper : Cleaned with backup
    C:\WINDOWS\system32\Hgvrru.exe -> Trojan.Popmon.a : Cleaned with backup
    C:\WINDOWS\system32\Jtgpse.exe -> Trojan.Popmon.a : Cleaned with backup
    C:\WINDOWS\system32\mlatmled.exe -> TrojanDownloader.Agent.ed : Cleaned with backup
    C:\WINDOWS\system32\nsh97.dll -> Spyware.HotSearchBar : Cleaned with backup
    C:\WINDOWS\system32\Oxxhbq.exe -> Trojan.Popmon.a : Cleaned with backup
    C:\WINDOWS\system32\pgvyq.dat -> TrojanDownloader.Qoologic.u : Cleaned with backup
    C:\WINDOWS\system32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
    C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
    C:\WINDOWS\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
    C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
    C:\WINDOWS\system32\temperror32.dat -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\WINDOWS\system32\uci.exe -> TrojanDropper.Agent.hl : Cleaned with backup
    C:\WINDOWS\system32\unirov.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
    C:\WINDOWS\system32\Zcpmlc.exe -> Trojan.Popmon.a : Cleaned with backup


    E:\RECYCLER\S-1-5-21-1409082233-287218729-839522115-500\Dd2\Administrator\Cookies\administrator@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    F:\CloneDVD2_v2[1].4.5.4_by_SND (www.crack-locator.com)\wuk.exe -> TrojanDownloader.INService.fk : Cleaned with backup
    G:\0 THE PROGRAM FOLDER\FTP SERVERS\Serv-U_v5.0.0.4_Corporate_Final-HARPOON\Crack\ServUDaemon.exe -> Backdoor.ServU-based : Cleaned with backup
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Cookies\jim dandy@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar.ir : Cleaned with backup
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\TQ1VPEKW\0006_cracks[1].cab/ISTactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\UFELS7I5\istdownload[1].exe -> TrojanDownloader.IstBar.ir : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\68noqki8.exe -> Adware.SAHA : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\fkrl8uv5.dll -> Adware.SAHA : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\mac80ex.idf/C:/WINDOWS/system32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\ol0937qj.exe -> Adware.SAHA : Cleaned with backup
    H:\000 GREGG PROGRAMS\APPZS\FTP SERVERS\Serv-U_v5.0.0.4_Corporate_Final-HARPOON\Crack\ServUDaemon.exe -> Backdoor.ServU-based : Cleaned with backup
    H:\NEW PROGRAMS\MultiShrink1.4.sfx.exe/MultiShrink 1.4.exe -> Trojan.LowZones.by : Cleaned with backup


    ::Report End
    =========================================================
    REST OF REPORT FOLLOWS


    smitREM

    Pre-run Files Present


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~
  • edited Jul 2005
    :Report End
    ============================================================
    PART 2 AND FINAL OF REPORT


    smitREM

    Pre-run Files Present


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ system32 ~~~

    wp.bmp


    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~

    winstall.exe


    Post-run Files Present


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ system32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~



    ~~~ Wininet.dll ~~~

    Not Infected!
    ===================================================================

    ACTIVESCAN LOG

    Incident Status Location



    Adware:Adware/AdBehavior No disinfected
    C:\WINDOWS\system32\ryucepc.dll


    Adware:Adware/AdBehavior No disinfected
    C:\WINDOWS\system32\rlmukj.exe


    Adware:Adware/ConsumerAlertSystem No disinfected
    C:\Program Files\Cas\Client\casclient.exe


    Adware:Adware/ConsumerAlertSystem No disinfected
    C:\Program Files\Cas\Client\casmf.dll


    Adware:Adware/AdBehavior No disinfected
    C:\WINDOWS\system32\rlmukj.exe


    Adware:Adware/ConsumerAlertSystem No disinfected
    C:\PROGRA~1\Cas\Client\CASCLI~1.EXE


    Adware:Adware/AdBehavior No disinfected
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nutc.exe


    Adware:Adware/SaveNow No disinfected
    Windows Registry


    Adware:Adware/nCase No disinfected
    C:\DOCUME~1\admin\LOCALS~1\Temp\180sainstaller.exe


    Spyware:Spyware/Dyfuca No disinfected
    Windows Registry


    Adware:Adware/CWS No disinfected
    C:\Documents and Settings\admin\Favorites\Fun & Games


    Adware:Adware/BookedSpace No disinfected
    Windows Registry


    Adware:Adware/Apropos No disinfected
    C:\DOCUME~1\admin\LOCALS~1\Temp\cfout.txt


    Adware:Adware/AdDestroyer No disinfected
    C:\Documents and Settings\admin\Start Menu\Programs\AdDestroyer


    Adware:Adware/VirtualBouncer No disinfected
    Windows Registry


    Adware:Adware/QuickSearch No disinfected
    C:\WINDOWS\downloaded Program Files\Install.inf


    Adware:Adware/EliteBar No disinfected
    Windows Registry


    Adware:Adware/PsGuard No disinfected
    C:\Documents and Settings\admin\Application Data\PSGuard.com


    Spyware:Spyware/SurfSideKick No disinfected
    C:\Documents and Settings\admin\Application Data\Sskcwrd.dll


    Spyware:Spyware/SurfSideKick No disinfected
    C:\Documents and Settings\admin\Application Data\Sskknwrd.dll


    Spyware:Spyware/ISTbar No disinfected
    C:\Documents and Settings\admin\Desktop\NEW NFO TEXT\Print_Studio_v2[1].0 (www.crack-locator.com).zip[qcg.exe]


    Spyware:Spyware/ISTbar No disinfected
    C:\Documents and Settings\admin\Desktop\Print_Studio_v2[1].0 (www.crack-locator.com)\qcg.exe


    Spyware:Spyware/ISTbar No disinfected
    C:\Documents and Settings\admin\Desktop\RAT\Dual_DVD_Copy_Gold_v3[1].0_by_Revenge (www.crack-locator.com)\mer.exe


    Spyware:Spyware/ISTbar No disinfected
    C:\Documents and Settings\admin\Desktop\RAT\Dual_DVD_Copy_Gold_v3[1].0_by_Revenge (www.crack-locator.com).zip[mer.exe]


    Spyware:Spyware/ISTbar No disinfected
    C:\Documents and Settings\admin\Desktop\RAT\Dual_DVD_Copy_Gold_v3[1].1 (www.crack-locator.com)\fee.exe


    Spyware:Spyware/ISTbar No disinfected
    C:\Documents and Settings\admin\Desktop\RAT\Dual_DVD_Copy_Gold_v3[1].1 (www.crack-locator.com).zip[fee.exe]


    Spyware:Spyware/ISTbar No disinfected
    C:\Documents and Settings\admin\Desktop\RAT\Dual_DVD_Copy_Gold_v3[1].2_Fixed_by_Core (www.crack-locator.com)\bvq.exe


    Spyware:Spyware/ISTbar No disinfected
    C:\Documents and Settings\admin\Desktop\RAT\Dual_DVD_Copy_Gold_v3[1].2_Fixed_by_Core (www.crack-locator.com).zip[bvq.exe]


    Spyware:Spyware/ISTbar No disinfected
    C:\Documents and Settings\admin\Desktop\RAT\Dual_DVD_Copy_Gold_v3[2].2_by_BM (www.crack-locator.com)\yxi.exe


    Spyware:Spyware/ISTbar No disinfected
    C:\Documents and Settings\admin\Desktop\RAT\Dual_DVD_Copy_Gold_v3[2].2_by_BM (www.crack-locator.com).zip[yxi.exe]


    Adware:Adware/ConsumerAlertSystem No disinfected
    C:\Documents and Settings\admin\Local Settings\Temp\cassetup.exe


    Spyware:Spyware/SurfSideKick No disinfected
    C:\Documents and Settings\admin\Local Settings\Temp\iA3.tmp


    Adware:Adware/nCase No disinfected
    C:\Documents and Settings\admin\Local Settings\Temp\res35.tmp


    Adware:Adware/VirtualBouncer No disinfected
    C:\Documents and Settings\admin\Local Settings\Temp\wrapperouter.exe


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\90LCDZQE\fav[1].bmp


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\90LCDZQE\webservice[1].htm


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\90LCDZQE\webservice[2].htm


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\HKBBJHKS\webservice[2].htm


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\HKBBJHKS\webservice[3].htm


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\ILUVUTB7\drugs[1].bmp


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\NFGA00WU\dating[1].bmp


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\NFGA00WU\webservice[4].htm


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\NQ9JNHX1\webservice[3].htm


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\NQ9JNHX1\webservice[4].htm


    Adware:Adware/ConsumerAlertSystem No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\PRBTN9BS\cassetup[1].exe


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\PRBTN9BS\virus[1].bmp


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\PRBTN9BS\webservice[2].htm


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\Y440A2MA\casino[1].bmp


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\Y440A2MA\webservice[3].htm


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\Y440A2MA\webservice[4].htm


    Adware:Adware/Apropos No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\YX4TSZKR\auto_update[1].txt


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\YX4TSZKR\webservice[1].htm


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\YX4TSZKR\webservice[2].htm


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\YX4TSZKR\webservice[3].htm


    Spyware:Spyware/SurfSideKick No disinfected
    C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Ssk.log


    Adware:Adware/AdBehavior No disinfected
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nutc.exe


    Adware:Adware/Pacimedia No disinfected
    C:\DOWNLOADS\pcs_0029.exe


    Adware:Adware/Apropos No disinfected
    C:\Program Files\Aprps\ProxyStub.dll


    Adware:Adware/ConsumerAlertSystem No disinfected
    C:\Program Files\Cas\Client\casclient.exe


    Adware:Adware/ConsumerAlertSystem No disinfected
    C:\Program Files\Cas\Client\casmf.dll


    Adware:Adware/ConsumerAlertSystem No disinfected
    C:\Program Files\Cas\Client\Uninstall.exe


    Spyware:Spyware/ISTbar No disinfected
    C:\Program Files\Print Studio 2.0\0 CRACK\bod.exe


    Spyware:Spyware/ISTbar No disinfected
    C:\Program Files\WinISO\WinISO_v5[1].3 (www.crack-locator.com).zip[faz.exe]


    Spyware:Spyware/BargainBuddy No disinfected
    C:\Program Files 2\BullsEye Network\bin\bargains.exe


    Spyware:Spyware/BargainBuddy No disinfected


    Adware:Adware/QuickSearch No disinfected
    C:\WINDOWS\Downloaded Program Files\Install.inf


    Adware:Adware/QoolAid No disinfected
    C:\WINDOWS\system32\bxoqcnq.exe


    Adware:Adware/AdBehavior No disinfected
    C:\WINDOWS\system32\pgvyq.dat


    Adware:Adware/AdBehavior No disinfected
    C:\WINDOWS\system32\rlmukj.exe


    Adware:Adware/AdBehavior No disinfected
    C:\WINDOWS\system32\ryucepc.dll


    Adware:Adware/AdBehavior No disinfected
    C:\WINDOWS\system32\ugnvr.dll


    Spyware:Spyware/ISTbar No disinfected
    E:\found.003\dir0023.chk\d[1].htm


    Spyware:Spyware/ISTbar No disinfected
    F:\AUTHORING PROGS\DVD-Lab_v1[1].0_Pro_Final_and_v0.x_Beta_Pro (www.crack-locator.com)\nex.exe


    Spyware:Spyware/ISTbar No disinfected
    F:\AUTHORING PROGS\DVD-Lab_v1[1].0_Pro_Final_and_v0.x_Beta_Pro (www.crack-locator.com).zip[nex.exe]


    Spyware:Spyware/ISTbar No disinfected
    F:\AUTHORING PROGS\dvdlab 1.3 and serial\DVD LAB MPGVCR SET\MPEG-VCR_v3[1].14 (www.crack-locator.com)\eug.exe


    Spyware:Spyware/ISTbar No disinfected
    F:\AUTHORING PROGS\dvdlab 1.3 and serial\DVD LAB MPGVCR SET\_Easy_Tagger_2[1].1_serial (www.crack-locator.com)\smw.exe


    Spyware:Spyware/ISTbar No disinfected
    F:\AUTHORING PROGS\DVD_Labeler_v2[1].01 (www.crack-locator.com).zip[nug.exe]


    Spyware:Spyware/ISTbar No disinfected
    F:\AUTHORING PROGS\GEAR_Pro_DVD_v6[1].0 (www.crack-locator.com)\tzz.exe


    Spyware:Spyware/ISTbar No disinfected
    F:\AUTHORING PROGS\GEAR_Pro_DVD_v6[1].0 (www.crack-locator.com).zip[tzz.exe]


    Spyware:Spyware/ISTbar No disinfected
    F:\BRUTE FORCE\Dual_DVD_Copy_Gold_v3[1].0_by_Revenge (www.crack-locator.com)\ngp.exe


    Spyware:Spyware/ISTbar No disinfected
    F:\BRUTE FORCE\Dual_DVD_Copy_Gold_v3[1].0_by_Revenge (www.crack-locator.com).zip[ngp.exe]


    Spyware:Spyware/ISTbar No disinfected
    F:\CloneDVD_v3[1].0_Final (www.crack-locator.com)\jng.exe


    Spyware:Spyware/ISTbar No disinfected
    F:\DVD LAB MPG2VCR SET\MPEG-2VCR_v3[1].14\eug.exe


    Spyware:Spyware/ISTbar No disinfected
    G:\0 THE PROGRAM FOLDER\CD Burning and Related-- scorch\NERO PROG VERS\Nero_Burning_ROM_Nero_Express_v5[1].5.10.7_v5.5.10.7b (www.crack-locator.com)\zbb.exe


    Spyware:Spyware/ISTbar No disinfected
    G:\0 THE PROGRAM FOLDER\CD Burning and Related-- scorch\NERO PROG VERS\Nero_Vision_Express_v2[1].1.0.4 (www.crack-locator.com)\amv.exe


    Spyware:Spyware/ISTbar No disinfected
    G:\0 THE PROGRAM FOLDER\Runtimes_GetDataBack\nxy.exe


    Spyware:Spyware/ISTbar No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Desktop\BadCopy_Pro_v3[1].75.0608 (www.crack-locator.com)\lra.exe


    Spyware:Spyware/ISTbar No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Desktop\BadCopy_Pro_v3[1].75.0608 (www.crack-locator.com).zip[lra.exe]


    Adware:Adware/Tracking No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\QZORO3G3\advertising[1].htm


    Spyware:Spyware/ISTbar No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\QZORO3G3\BadCopy_Pro_v3[1].75.0608 (www.crack-locator.com).zip[lra.exe]


    Spyware:Spyware/ISTbar No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\QZORO3G3\mirrors[1].htm


    Spyware:Spyware/XXXToolbar No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\QZORO3G3\prompt[1].htm


    Spyware:Spyware/XXXToolbar No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\QZORO3G3\prompt[2].htm


    Spyware:Spyware/BargainBuddy No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\QZORO3G3\webservice[1].htm


    Spyware:Spyware/BargainBuddy No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\QZORO3G3\webservice[2].htm


    Spyware:Spyware/ISTbar No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\TQ1VPEKW\d[1].htm


    Adware:Adware/Tracking No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\UDIXCXUN\advertising[1].htm


    Spyware:Spyware/ISTbar No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\UDIXCXUN\d[1].htm


    Spyware:Spyware/ISTbar No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\UDIXCXUN\d[1].x[d[1]]


    Spyware:Spyware/XXXToolbar No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\UDIXCXUN\prompt[1].htm


    Spyware:Spyware/BargainBuddy No disinfected
    webservice[3].htm


    Spyware:Spyware/XXXToolbar No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\UFELS7I5\CAGRG50V.HTM


    Adware:Adware/SAHAgent No disinfected
    G:\D DRIVE COPY 8+GB\Documents and Settings\jim dandy\Local Settings\Temporary Internet Files\Content.IE5\UFELS7I5\sahagent[1].exe


    Spyware:Spyware/BargainBuddy No disinfected
    G:\D DRIVE COPY 8+GB\Program Files\BullsEye Network\bin\bargains.exe


    Spyware:Spyware/BargainBuddy No disinfected
    G:\D DRIVE COPY 8+GB\Program Files\BullsEye Network\Uninstall.exe


    Adware:Adware/ExactSearch No disinfected
    G:\D DRIVE COPY 8+GB\WINDOWS\system32\exclean.exe


    ===============================================================================

    I must assume, due to ActiveScan's actions, that it found but did not remove over 100 infected files. This way I use the PC as if infected until y'all tell me different, a worst-case scenario type thing. Most of all, it got rid of the trojan-spy SOB; at least it's not on my desktop.

    I thank you very, very much, and await further instructions. scorch269
  • Buckeye_Sam Columbus, Ohio
    edited Jul 2005
    We're getting there.

    Please make sure that you can VIEW ALL HIDDEN FILES.

    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rlmukj.exe reg_run
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitepls32.exe
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\system32\PSof1.exe
    O4 - HKLM\..\Run: [Information Update] C:\Program Files\Information Update\iu.exe
    O4 - HKLM\..\Run: [fylqhc] c:\windows\system32\jrnezxg.exe r
    O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
    O4 - HKLM\..\Run: [u38X38P] unirov.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [f0r7RUj5W] mlatmled.exe
    O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
    O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)



    Reboot your computer into SAFE MODE

    Then delete these files or directories (Do not be concerned if they do not exist):

    C:\WINDOWS\system32\rlmukj.exe
    C:\windows\system32\elitepls32.exe
    C:\WINDOWS\cfgmgr52.dll
    C:\WINDOWS\system32\wintask.exe
    C:\Program Files\VBouncer
    C:\WINDOWS\system32\PSof1.exe
    C:\Program Files\Information Update
    c:\windows\system32\jrnezxg.exe r
    C:\WINDOWS\system32\exp.exe
    unirov.exe
    mlatmled.exe
    C:\Program Files\Cas
    C:\WINDOWS\svcproc.exe


    Reboot your computer to go back to normal mode and post a new log.
  • edited Jul 2005
    scorch269

    Yep, I had missed visualizing the protected files. Only c:\program files\cas & c:\program files\information update were found from the list. BTW, I looked for them via search. Was that OK? And they weren't case sensitive? Also, I haven't done this 1,2,3 as one process; I've used my PC in between posts with you. Did I mess up? Thank you.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:10:08 AM, on 7/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\PROGRA~1\DAP\DAP.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\admin\Desktop\HIJACK-THIS_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cdcovers.cc/dvd_s.php
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Popup Ad Filter\PopFilter.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Allow Popups - C:\Program Files\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
    O9 - Extra button: Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.torrent-damage.net
    O15 - Trusted Zone: http://www.torrentreactor.to
    O16 - DPF:

    {04E214E5-63AF-4236-83C6-A7ADCBF9BD02}

    (HouseCall Control) -

    http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF:

    {205FF73B-CA67-11D5-99DD-444553540013} -

    http://adserver.sharewareonline.com/adserver/Install.cab
    O16 - DPF:

    {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}

    (Symantec AntiVirus scanner) -

    http://security.symantec.com/sscv6/SharedContent/vc/bin

    /AvSniff.cab
    O16 - DPF:

    {644E432F-49D3-41A1-8DD5-E099162EEEC5}

    (Symantec RuFSI Utility Class) -

    http://security.symantec.com/sscv6/SharedContent/com

    mon/bin/cabsa.cab
    O16 - DPF:

    {74D05D43-3236-11D4-BDCD-00C04F9A3B61}

    (HouseCall Control) -

    http://a840.g.akamai.net/7/840/537/2004061001/housec

    all.trendmicro.com/housecall/xscan53.cab
    O16 - DPF:

    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

    (ActiveScan Installer Class) -

    http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: ewido security suite control - ewido

    networks - C:\Program Files\security suite\ewidoctrl.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software

    AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark

    International, Inc. -

    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: System Startup Service (SvcProc) -

    Unknown owner - C:\WINDOWS\svcproc.exe (file

    missing)
    O23 - Service: Ulead Burning Helper

    (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program

    Files\Common Files\Ulead

    Systems\DVD\ULCDRSvr.exe
  • Buckeye_Sam Columbus, Ohio
    edited Jul 2005
    It's really hard to read your log like that. :eek3:

    On your next post can you make sure that your margins are set up so that it posts better?

    Click Start -> Run -> (type) services.msc

    Scroll down and find the service called Service: System Startup Service. When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.


    Run Hijackthis and click on Open the Misc Tools section -> Delete an NT Service
    Copy and paste this into the text box and click OK.

    SvcProc



    Reboot and post a new hijackthis log.
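The service removed in the steps above is the one O23 entry in the first log that shows both `Unknown owner` and `(file missing)`. The Python sketch below is an added example, not part of the thread: it rejoins the hard-wrapped log, flags such entries, and checks a follow-up log to confirm they are gone. The log excerpts are copied from the posts on this page; the function names and the three triage labels are assumptions of the example.

```python
import re
from dataclasses import dataclass

# A HijackThis entry starts with a section code: "R0 - ", "O4 - ", "O23 - ", ...
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# O23 - Service: <display name> [(<short name>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# O23 lines from the first log in this thread, wrapped as they were posted.
BEFORE_WRAPPED = r"""
O23 - Service: ewido security suite control - ewido

networks - C:\Program Files\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software

AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark

International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: System Startup Service (SvcProc) -

Unknown owner - C:\WINDOWS\svcproc.exe (file

missing)
O23 - Service: Ulead Burning Helper

(UleadBurningHelper) - Ulead Systems, Inc. - C:\Program

Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe
"""

# O23 lines from the follow-up log posted after the service was deleted.
AFTER = r"""
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
"""


@dataclass(frozen=True)
class Service:
    display: str
    short: str          # falls back to the display name when no short name is shown
    owner: str
    path: str
    file_missing: bool


def unwrap(text):
    """Rejoin entries that were hard-wrapped across several lines.

    Fragments are joined with one space, which is right when the wrap fell on
    a space. A wrap inside a token cannot be told apart and leaves a stray
    space, so paths recovered this way should be checked by eye.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines are wrapping residue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries


def parse_o23(entries):
    """Turn unwrapped O23 lines into Service records; other sections are skipped."""
    services = []
    for entry in entries:
        m = O23_RE.match(entry)
        if m:
            display = m.group("display")
            services.append(Service(display, m.group("short") or display,
                                    m.group("owner"), m.group("path"),
                                    m.group("missing") is not None))
    return services


def triage(svc):
    """'orphaned' = unknown owner AND missing file; 'review' = one of the two."""
    unknown = svc.owner.lower() == "unknown owner"
    if unknown and svc.file_missing:
        return "orphaned"
    return "review" if (unknown or svc.file_missing) else "ok"


def compare(before_text, after_text):
    """Flag services in the first log and report which are gone in the second."""
    before = {s.short: s for s in parse_o23(unwrap(before_text))}
    after = {s.short for s in parse_o23(unwrap(after_text))}
    flagged = {k: triage(s) for k, s in before.items() if triage(s) != "ok"}
    gone = sorted(k for k in flagged if k not in after)
    still_present = sorted(k for k in flagged if k in after)
    return flagged, gone, still_present


if __name__ == "__main__":
    flagged, gone, still_present = compare(BEFORE_WRAPPED, AFTER)
    print("flagged:", flagged)
    print("gone after cleanup:", gone)
    print("still present:", still_present)
```

An entry with `Unknown owner` whose file is present, like the InCDsrv line in the August log further down, comes out as `review` rather than `orphaned`.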
  • edited Jul 2005
    I'm sorry. Twice I thought I sent a logfile in, but I don't see it. Anyway, I used your directions to square things away to give you a readable log. I thank you for telling me to fix it, and how to fix it; it's the least I can do for your eyes.
    So I repeated the steps for a new log I thought was sent; the start-up service said it was no longer there, and where I had pasted SvcProc it now says (when I repeat the copy\paste):
    SERVICE 'SVCPROC' WAS NOT FOUND IN THE REGISTRY. MAKE SURE YOU ENTERED THE SHORT NAME OF THE SERVICE, vb Exclamation.
    I hope all is well, concerning my actions of repeating myself. Thank you, I hope this copy is EASILY readable. I also tacked on a START UP LOG IN CASE IT COULD BE USEFUL [sorry 4 the caps]

    Logfile of HijackThis v1.99.1
    Scan saved at 3:38:10 AM, on 6/18/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\PROGRA~1\DAP\DAP.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BitTornado\btdownloadgui.exe
    C:\Program Files\BitTornado\btdownloadgui.exe
    C:\Documents and Settings\admin\Desktop\HIJACK-THIS_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cdcovers.cc/dvd_s.php
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Popup Ad Filter\PopFilter.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Allow Popups - C:\Program Files\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.torrent-damage.net
    O15 - Trusted Zone: http://www.torrentreactor.to
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\security suite\ewidoctrl.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe



    StartupList report, 6/18/2005, 3:37:34 AM
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\admin\Desktop\HIJACK-THIS_199\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\PROGRA~1\DAP\DAP.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BitTornado\btdownloadgui.exe
    C:\Program Files\BitTornado\btdownloadgui.exe
    C:\Documents and Settings\admin\Desktop\HIJACK-THIS_199\HijackThis.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Logitech Utility = Logi_MwX.Exe
    DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    SSC_UserPrompt = C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
    EPSON Stylus Photo R200 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    DownloadAccelerator = C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    Advanced Tools Check = C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    Popup Ad Filter = C:\Program Files\Popup Ad Filter\PopFilter.exe
    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Task Scheduler jobs:

    New Task.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx
    CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

    [{205FF73B-CA67-11D5-99DD-444553540013}]
    CODEBASE = http://adserver.sharewareonline.com/adserver/Install.cab

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc2.cab

    [Symantec RuFSI Utility Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
    CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
    CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll

    --------------------------------------------------
    End of report, 5,932 bytes
    Report generated in 0.015 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
  • Buckeye_Sam Columbus, Ohio
    edited Jul 2005
    Much easier to read. Thank you. :thumbsup:

    Your log looks clean to me. Are you having any more problems?
  • edited Aug 2005
    Buckeye_Sam: I am very sorry for not responding sooner. I didn't get an email telling me of your response; I figured maybe you had a life, and were living it. As I was not about to tell someone who is helping me to hurry, I just waited. Then only when checking the link did I see your last reply, and my lack of gratitude in reply. Very sorry, it looks like I just left without saying thank you, and that's not the case. I am VERY thankful; you got those ugly messages off my screen, and the bugs out. I haven't had Norton on though, as you worked through the Hijack this log, and still haven't, was waiting for the green light. So before I install it, I'll run a last log, in case I picked up something in the meantime that needs your expertise. Things seem OK, but haven't done much with pc in last couple days. Here's the log, and I DO thank you. If resizing is needed again, please let me know.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:53:47 AM, on 8/4/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
    C:\PROGRA~1\DAP\DAP.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\security suite\ewidoctrl.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\admin\Desktop\HIJACK-THIS_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cdcovers.cc/dvd_s.php
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Popup Ad Filter\PopFilter.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Allow Popups - C:\Program Files\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.torrent-damage.net
    O15 - Trusted Zone: http://www.torrentreactor.to
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122204663750
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\security suite\ewidoctrl.exe
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  • Shadow2018 Northwest Missouri
    edited Aug 2005
    Buckeye is on hiatus. I will take over for him during his absence.

    Please Install an Anti-Virus Program immediately. Have you been on the internet with this computer without an active a-v program?

    Your log still looks clean. Are you having any more problems?