08-04-2005, 09:18 AM   #1
tacoeater
Join Date: Oct 2000
Location: Harlingen, Texas
Posts: 757
Ewido & Hijack logs - spyware sheriff

I am sure there are still things to be removed. For one thing the RED LETTERED Your System is Infected is still there and no change can be made in Display Properties.


Have run Cleanup4, AVG, Spybot, Adaware, Ewido.
Since I first posted this request I have updated to SP2 and all criticals now installed.
Thanks

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:35:38 AM, 8/4/2005
+ Report-Checksum: B097F608

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} -> TrojanDownloader.WebP2P : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7F6828CA-9E42-462C-BC60-418C8144012C} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{09CA52B3-703C-4B17-9690-C13F736E3DCD} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F720B40F-3A38-4B22-B30D-DCF095D42498} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} -> TrojanDownloader.WebP2P : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6828CA-9E42-462C-BC60-418C8144012C} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
[1720] C:\WINDOWS\System32\iijnipjp.dll -> Worm.Prox.c : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\FileSubmit\Finding Nemo SS\nnez_388.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\SpySheriff\IESecurity.dll -> Spyware.SpywareNo : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff.exe -> Trojan.SpySheriff : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_10.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\sys026.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys027.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys033.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys034.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1151.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys122.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys124.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1432.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1433.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1632.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1637.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys185.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys186.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5233.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5237.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5238.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\adsmsext.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\system32\atl70082.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\system32\ca2.dll -> Spyware.SearchIt : Cleaned with backup
C:\WINDOWS\system32\deoglnpa.dll -> Worm.Prox.c : Cleaned with backup
C:\WINDOWS\system32\ghpbldpm.dll -> Worm.Prox.c : Cleaned with backup
C:\WINDOWS\system32\latest.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\msclock32.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\vxgame2.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Renos.f : Cleaned with backup
C:\WINDOWS\system32\zolker005.dll -> Spyware.Azesearch : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__iijnipjp.dll -> Worm.Prox.c : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__symcsvc.exe -> Trojan.Crypt.i : Cleaned with backup


::Report End

HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 1:53:03 AM, on 8/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wwSecure.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\m?dtc.exe
C:\Utilities\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E790DCDA-6338-44B7-4411-1D5333F601EF} - C:\WINDOWS\System32\tlai.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [Bufh] C:\WINDOWS\System32\m?dtc.exe
O4 - HKCU\..\Run: [Notn] C:\Program Files\apsi\wtta.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.com/plugin/awarew...ab/awswaxf.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_2us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: System - {16B8EA89-9ACF-4A04-96F8-CBE23477C9B4} - vr_sys.dll (file missing)
O21 - SSODL: 357ECB62-CD36-4B63-B57E-769D0CA174F4 - {7D126260-357B-63E5-8BCD-D4A4312EB4FC} - c:\program files\wildtangent\apps\gamechannel\games\357ecb62-cd36-4b63-b57e-769d0ca174f4\wpfkj32.dll (file missing)
O21 - SSODL: 1ABC286C-DE10-4590-BEFF-4D0DFF5EA1EC - {8ECFF52C-B52B-0662-86EA-91D1D05DEFF2} - c:\program files\wildtangent\apps\gamechannel\games\1abc286c-de10-4590-beff-4d0dff5ea1ec\winkajk32.dll (file missing)
O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\iijnipjp.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe

Last edited by tacoeater; 08-04-2005 at 12:05 PM.
08-06-2005, 03:29 AM   #2
Lobos
Join Date: Mar 2004
Location: California
Posts: 936
Hi tacoeater

Go here and follow the instructions posted

http://www.bleepingcomputer.com/foru...xe-t22402.html

then come back and post another HijackThis log

you will have more to do


Lobos
08-06-2005, 06:10 AM   #3
tacoeater
Join Date: Oct 2000
Location: Harlingen, Texas
Posts: 757
thanks lobos for the nice link.
i have gotten rid of everything but the mediatickets spyware stuff in the registry.
ran panda active scan and that was all that was found.
desktop wallpaper fixed.
i really appreciate the work you do for all of us. often when i post a request or a hijack it is in desperation when i am working on a customer's computer. you probably understand that there will be times when the customer grows impatient and the ultimate fix, format and reinstall, is necessary by the time you get to some of the hijack this analysis requests. this is the case about half the time when the really ugly stuff hits like aurora nail and the sheriff. this time i was able to stall and wait for information and it really is a good and satisfying feeling to conquer the beasts!
08-06-2005, 03:04 PM   #4
Lobos
Join Date: Mar 2004
Location: California
Posts: 936
hi taco eater can i see another hijack this log and/or the panda log

yes a lot of good self-help tuts there at bleepers

where does it say you have mediatickets at?

Lobos
08-06-2005, 06:24 PM   #5
tacoeater
Join Date: Oct 2000
Location: Harlingen, Texas
Posts: 757
Computer has gone back to the customer now.
From panda info i deleted winupdt.bin
and the Finances & Business folder
The reference to mediatickets is their 3rd entry
The reference to nailfix is cause if there is room i always copy a select group of my favorite cleansers and antiviruses and spy stuff to a folder on their computer. thank god this one did not have aurora also!

Panda was:
Incident Status Location

Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM32\winupdt.bin
Adware:adware/elitebar No disinfected C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\Finances & Business
Adware:adware/mediatickets No disinfected Windows Registry
Hacktool:Hacktool/Processor No disinfected C:\Utilities\Aurora - Nail\Nailfix XP\nailfix.zip[Process.exe]



*******************************************

Logfile of HijackThis v1.99.1
Scan saved at 5:07:36 PM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\LTMSG.exe
C:\Utilities\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rgv.rr.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.com/plugin/awarew...ab/awswaxf.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_2us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe

Last edited by tacoeater; 08-06-2005 at 06:28 PM.