Page 1 of 3 (Results 1 to 10 of 22)
  1. #1
    Member | Join Date: Feb 2006 | Posts: 15 | Points: 10

    Computer freezes after about an hour

    First of all, thank you to all of you who support such an outstanding helpful site!

    What brings me here is that I got nailed with the SpySheriff virus. Actually, I don't know if that was the first one to hit me, but that's the first one I noticed. Watch where you click on the web!! At the time I was running AVG. I went to a web site and all of a sudden little windows started popping up with garbled script in them. Next thing you know, my computer is going slow as molasses. I popped open my system processes and watched the list grow. I cancelled some of them that were popping up, and that seemed to stem the flow of nasty stuff.

    After I got hit, I ran AVG right away. It froze about half way through, locking my computer up. I soft-rebooted and was greeted with a few errors on reboot. One error was that a process was looking for a file called ibm00001.exe (or something very similar) and another error was a box with a red 'X' saying 'Product not installed' and had an 'OK' button in it. I used the close (top right corner) button to remove that.

    After running Panda and having it freeze half way through, and running AVG and having it freeze, I decided to make sure my disks were OK and ran scan disk on my drives. That revealed some minor errors which were automatically fixed.

    I did successfully complete the AVG virus scan, and it revealed no errors, and then ran through the check list posted. I then took multiple HJT logs and ran them through Detective and did the corrections it suggested. I am not currently running a firewall, but everything else is up to date as suggested.

    When the computer locks up, I attempt to open my processes (click ctrl-alt-del, go get coffee, come back and hope it is up) and when it opens I notice winlogin.exe is taking up 99% of system resources. Yet it only sizes around 700K if that.

    I will see shortly if the computer still locks up after doing the corrections Detective suggested. I do know that I still have that box popping up saying 'Product not installed'.

    Detective said there are still suspicious files, so here is my logfile for you. Thank you for your time!
    ---
    Logfile of HijackThis v1.99.1
    Scan saved at 7:18:49 PM, on 2/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Belkin\Nostromo\nost_LM.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    F2 - REG:system.ini: Shell=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [0s4P3mg] mqusock.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: avload32 - C:\WINDOWS\SYSTEM32\avload32.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
    ---

  2. #2
    Member | Join Date: Feb 2006 | Posts: 15 | Points: 10

    Ok, it just locked up again. It's weird... never did this before the virus thing hit me. It moves along smooth, no hesitations, and then BAM everything freezes, and it takes about 5 minutes just to do any basic actions (move cursor, bring up right click pop up menu, whatever). I'm confused as to why this is... Seems to not matter what I'm doing... it goes off as easily in the middle of a virus scan as when I'm just playing WoW or working on a Word document...

    Any ideas?

    edit - it is winlogin.exe that is taking 99% of the resources....

  3. #3
    Member | Join Date: Dec 2002 | Posts: 12,000 | Points: 1191

    What did you do with the Sheriff problem?

    BG

  4. #4
    Member | Join Date: Feb 2006 | Posts: 15 | Points: 10

    Sorry, missed that part in my summary... I ran the Bazooka scanner, and it told me which registry items to delete, and I also deleted the folders with the files it used.

    After my last post, I rebooted the computer and went to watch a TV show. I came up to check for replies to this and the computer was locked up at the desktop (all booted up, with the window saying 'Product not installed' being displayed).

    (I have the forum here up on my laptop next to the computer with issues)

    How does the logfile look?

  5. #5
    Member | Join Date: Dec 2002 | Posts: 12,000 | Points: 1191

    I am not liking this one:

    O20 - Winlogon Notify: avload32 - C:\WINDOWS\SYSTEM32\avload32.dll

    Maybe a trojan/rootkit problem

    BG

  6. #6
    Member | Join Date: Feb 2006 | Posts: 15 | Points: 10

    Do you suggest I have HJT fix it and see how it goes?

    I usually leave my computer on so it automatically runs its scans and updates during the night... Left it up last night after I set it up with AVG virus scan and it locked in the middle of the scan again. Clock on the scan says it was running for 43 minutes.

  7. #7
    Member | Join Date: Feb 2006 | Posts: 15 | Points: 10

    Ok, had HJT fix that O20 issue.. Going to run scan disk and test my memory (Corsair 3200) to make sure there aren't any issues there.

  8. #8
    steamwiz | Member | Join Date: Sep 2003 | Location: Yorkshire U.K. | Posts: 14,022 | Points: 2335

    Hi

    This is almost certainly a Haxdoor trojan variant ...

    O20 - Winlogon Notify: avload32 - C:\WINDOWS\SYSTEM32\avload32.dll

    Your winlogon problem is almost certainly being caused by SpamTool.Win32.Mailbot.u

    When winlogon hits that 99% it is sending out thousands of spam emails from your computer ... of course if you had a firewall, you could block this, until you remove it

    The winlogon notify key for this will not be visible as it is hidden by a rootkit as BG says

    This is also part of Adware.SpySheriff

    Ewido will remove this for you... it may also remove the Haxdoor trojan, if not, we can remove that separately...

    Download ewido security suite install, update and run it.

    Please set up as :-

    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    2. Run Ewido --- When you run it for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    3. From the main ewido screen, click on update in the left menu, then click the Start update button.

    4. After the update finishes (the status bar at the bottom will display "Update successful")

    5. You may need to manually update the definitions which you can get HERE

    6. Exit Ewido. DO NOT scan yet.

    Boot into safemode...and scan with Ewido

    7. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

    8. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

    9. Once the ewido scan has completed, there will be a button located on the bottom of the screen called Save report.

    Important - You need to click "Save report" and save it to your desktop, or you won't have a log

    reboot

    post a new hijackthis log + the ewido log

    cheers

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP - Windows Security 2004/8, member ASAP

  9. #9
    Member | Join Date: Feb 2006 | Posts: 15 | Points: 10

    I'll get on this right away.

  10. #10
    Member | Join Date: Feb 2006 | Posts: 15 | Points: 10

    Ok.... after 80 minutes of scanning the results are in! I elected to select none for each popup that came up and let you see the results.


    ---
    Logfile of HijackThis v1.99.1
    Scan saved at 2:27:04 PM, on 2/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Belkin\Nostromo\nost_LM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe

    F2 - REG:system.ini: Shell=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [0s4P3mg] mqusock.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: avload32 - C:\WINDOWS\SYSTEM32\avload32.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)


    ---

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 2:23:32 PM, 2/23/2006
    + Report-Checksum: ABFCE90

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{75DF86D0-50B4-B58E-3F0F-546011A4DCDD} -> Adware.CoolWebSearch : Ignored
    HKLM\SOFTWARE\Classes\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87} -> Downloader.Fugif : Ignored
    [316] C:\WINDOWS\SYSTEM32\avload32.dll -> Backdoor.Haxdoor.gj : Ignored
    :mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.b7p\cookies.txt -> TrackingCookie.Hitbox : Ignored
    :mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.b7p\cookies.txt -> TrackingCookie.Enliven : Ignored
    :mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.b7p\cookies.txt -> TrackingCookie.Ru4 : Ignored
    :mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.b7p\cookies.txt -> TrackingCookie.Esomniture : Ignored
    :mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.b7p\cookies.txt -> TrackingCookie.Esomniture : Ignored
    :mozilla.164:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.b7p\cookies.txt -> TrackingCookie.Realcastmedia : Ignored
    :mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\1swrcy9z.slt\cookies.txt -> TrackingCookie.Specificclick : Ignored
    :mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\1swrcy9z.slt\cookies.txt -> TrackingCookie.Googleadservices : Ignored
    :mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\gdabww0h.slt\cookies.txt -> TrackingCookie.Addynamix : Ignored
    :mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\gdabww0h.slt\cookies.txt -> TrackingCookie.Ad-flow : Ignored
    :mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\gdabww0h.slt\cookies.txt -> TrackingCookie.X10 : Ignored
    :mozilla.153:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\gdabww0h.slt\cookies.txt -> TrackingCookie.Googleadservices : Ignored
    :mozilla.154:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\gdabww0h.slt\cookies.txt -> TrackingCookie.Googleadservices : Ignored
    :mozilla.155:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\gdabww0h.slt\cookies.txt -> TrackingCookie.Googleadservices : Ignored
    :mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\Default User\gdabww0h.slt\cookies.txt -> TrackingCookie.Googleadservices : Ignored
    C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Ignored
    C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Ignored
    C:\Documents and Settings\Sir Monkey\Cookies\sir monkey@download.com[2].txt -> TrackingCookie.Com : Ignored
    C:\Documents and Settings\Sir Monkey\Cookies\sir monkey@trafic[1].txt -> TrackingCookie.Trafic : Ignored
    C:\WINDOWS\OEWABLog.txt:sbnlu -> Downloader.Agent.bq : Ignored
    C:\WINDOWS\OEWABLog.txt:sbnlu -> Downloader.Agent.bq : Ignored
    C:\WINDOWS\system32\avload32.dll -> Backdoor.Haxdoor.gj : Ignored
    C:\WINDOWS\Temp\ASHeuristic\avload32_dll.vir -> Backdoor.Haxdoor.gj : Ignored


    ::Report End

    ---

    Interesting to note a lot of the results seem to be in the Mozilla directory which I haven't used in eons! I found that many of the sites I frequent for business purposes wouldn't function with Mozilla Firefox and had to head back to the IE camp. As a result I haven't used Firefox for probably over a year.
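An added example, not code from the thread or from HijackThis or ewido: a small Python script that parses the HijackThis "O" lines and the ewido "Scan result" lines, then matches them on file path so the O20 Winlogon Notify DLL that BG and steamwiz flagged (posts #5 and #8) lines up with the Backdoor.Haxdoor.gj detection in the ewido report above; it also notes when every scanner action was "Ignored", meaning the file is still in place. The log excerpts embedded in the code are copied from the two logs posted in this thread; the regexes, function names and field names are my own.

```python
import re

# Constructed excerpts copied from the two logs posted in this thread
# (only the lines needed to show the correlation).
HJT_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: avload32 - C:\WINDOWS\SYSTEM32\avload32.dll
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
"""

EWIDO_REPORT = r"""
HKLM\SOFTWARE\Classes\CLSID\{75DF86D0-50B4-B58E-3F0F-546011A4DCDD} -> Adware.CoolWebSearch : Ignored
[316] C:\WINDOWS\SYSTEM32\avload32.dll -> Backdoor.Haxdoor.gj : Ignored
C:\WINDOWS\system32\avload32.dll -> Backdoor.Haxdoor.gj : Ignored
C:\WINDOWS\Temp\ASHeuristic\avload32_dll.vir -> Backdoor.Haxdoor.gj : Ignored
"""

# HijackThis line: "<section> - <detail>", e.g. "O20 - Winlogon Notify: ...".
HJT_LINE = re.compile(r"^([A-Z]\d+) - (.*)$")
# A drive-letter path ending in a module/sample extension; stops before
# trailing arguments or the "(file missing)" marker.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|sys|vir)\b', re.IGNORECASE)
# ewido line: optional "[pid] " prefix, then "<object> -> <Detection> : <Action>".
EWIDO_LINE = re.compile(r"^(?:\[\d+\]\s+)?(.+?) -> (\S+) : (\w+)$")


def norm(path):
    """Comparison key: Windows paths are not case-sensitive."""
    return path.lower()


def parse_hjt(text):
    """Return one dict per HijackThis entry, with the first file path it names."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        p = WIN_PATH.search(detail)
        entries.append({
            "section": section,
            "detail": detail,
            "path": p.group(0) if p else None,
            "file_missing": "(file missing)" in detail,
        })
    return entries


def parse_ewido(text):
    """Map normalised object name -> list of (detection, action) pairs."""
    hits = {}
    for line in text.splitlines():
        m = EWIDO_LINE.match(line.strip())
        if m:
            obj, detection, action = m.groups()
            hits.setdefault(norm(obj), []).append((detection, action))
    return hits


def correlate(hjt_text, ewido_text):
    """Findings worth a second look: every O20 entry (the DLL is loaded into
    winlogon.exe, the point made in post #8) and any entry whose path the
    scanner named. 'still_present' is True when every action was 'Ignored'."""
    hits = parse_ewido(ewido_text)
    findings = []
    for e in parse_hjt(hjt_text):
        matches = hits.get(norm(e["path"]), []) if e["path"] else []
        if e["section"] == "O20" or matches:
            findings.append({
                "section": e["section"],
                "path": e["path"],
                "detections": sorted({d for d, _ in matches}),
                "still_present": bool(matches) and all(a == "Ignored" for _, a in matches),
            })
    return findings
```

Running `correlate(HJT_LOG, EWIDO_REPORT)` on the excerpts yields a single finding: the O20 avload32.dll entry, detected as Backdoor.Haxdoor.gj and still present because the action was "Ignored".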
