  1. #1
    Member
    Join Date
    Aug 2006
    Posts
    6
    Points
    0

    adware/trojans plus it has in disabled my default firewall

    I got spyware from one of those IM viruses. Now I cannot get rid of it at all; I've tried everything, including the steps listed in your forum. On top of that, now my windows firewall appears to be disabled permanently, making it impossible for me to play anything using punkbuster :(. Any help would be appreciated on either the firewall or spyware problem, thank you.
    This is my HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 1:56:06 AM, on 8/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5335.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\svslogon.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\dfndrfg_8.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\Grisoft\AVG Free\avgwb.dat
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [defender] C:\\dfndrfg_8.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdfg_8.exe
    O4 - HKLM\..\Run: [nes8e811] RUNDLL32.EXE w1244b35.dll,n 0028e80f000000031244b35
    O4 - HKLM\..\Run: [{8F-FD-DA-A5-ZN}] c:\windows\system32\dwdsregt.exe CORN003
    O4 - HKLM\..\Run: [w12474f5.dll] RUNDLL32.EXE w12474f5.dll,I2 0028e80f012474f5
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinnpex.exe CORN003
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [newname] C:\\nwnmfg_8.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
    O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
    O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Demo\Ghost Recon Advanced Warfighter Demo\Support\Register\RegistrationReminder.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\twinnpex.exe
    O4 - Startup: TVHarmony AutoPilot.lnk = C:\Program Files\TVHarmony\AutoPilot.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Beyond TV Subscriber Edition.lnk = C:\Program Files\SnapStream Media\Beyond TV 3\BTVAgent2.exe
    O4 - Global Startup: VersionTracker Pro.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/do...e_Inst_Win.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.5.1.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab
    O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames.aavalue.com/LFG...games_live.cab
    O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.rcninteraction.com/games/...s/exentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} (MNPerformer Class) - http://projects.synacor.com/musicnet...erSetup-sa.exe
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Print Spooler Service (SpoolSvc209) - Unknown owner - C:\WINDOWS\system32\dior4f4rxctzfms.exe
    O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

  2. #2
    Member
    Join Date
    Jan 2006
    Location
    Medway U.K.
    Posts
    22
    Points
    8


    Before someone comes along and looks at your log, you seem to have BOTH Norton Antivirus and AVG running on your PC at the same time.

    Which one are you currently using? You should not run 2 antivirus programs.

    Delete the one that you do not use by using Add/Remove Programs.
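
The overlap noted in post #2 can be read directly from a HijackThis log. The following is an added example, not part of any post in this thread: it parses the v1.99.1 layout shown in post #1 and reports which antivirus products have a running process. The function names and the `AV_MARKERS` table are assumptions made for this illustration; the sample lines are excerpted from the log in post #1.

```python
import re
from collections import defaultdict
from ntpath import basename  # splits Windows paths on any host OS

# Section entries look like "O23 - Service: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Assumption for this example: lower-case path fragments that identify a
# resident antivirus product. Only the two products named in post #2 are listed.
AV_MARKERS = {
    "norton antivirus": "Norton AntiVirus",
    "grisoft": "AVG",
}

# Excerpt of the log from post #1 (shortened for the example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:56:06 AM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""


def parse_hijackthis(text):
    """Split a log into header lines, running processes and coded entries."""
    log = {"header": [], "processes": [], "entries": defaultdict(list)}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if not line:
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            log["entries"][match.group(1)].append(match.group(2))
        elif section == "processes":
            log["processes"].append(line)
        elif section == "header":
            log["header"].append(line)
        # Unrecognised lines after the first entry (wrapped text) are ignored.
    return log


def service_path(o23_body):
    """O23 body is 'Service: <name> - <vendor> - <image path>'; path is last."""
    return o23_body.rsplit(" - ", 1)[-1]


def antivirus_evidence(log):
    """Map product -> executables seen running and registered as services."""
    found = defaultdict(lambda: {"running": set(), "services": set()})
    sources = [("running", p) for p in log["processes"]]
    sources += [("services", service_path(b)) for b in log["entries"].get("O23", [])]
    for kind, path in sources:
        lowered = path.lower()
        for marker, product in AV_MARKERS.items():
            if marker in lowered:
                found[product][kind].add(basename(path).lower())
    return dict(found)


def concurrent_antivirus(log):
    """Products with at least one live process; two or more means overlap."""
    evidence = antivirus_evidence(log)
    return sorted(p for p, e in evidence.items() if e["running"])


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    active = concurrent_antivirus(parsed)
    if len(active) > 1:
        print("More than one antivirus is running:", ", ".join(active))
    for product, ev in antivirus_evidence(parsed).items():
        print(product, "running:", sorted(ev["running"]),
              "services:", sorted(ev["services"]))
```

A product that appears only under `services` is registered but was not running when the scan was taken, which is the state to expect after an incomplete uninstall.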

  3. #3
    Member
    Join Date
    Aug 2006
    Posts
    6
    Points
    0


    I didn't even remember that I still had Norton because it expired a while ago. I can't seem to get rid of it either.

  4. #4
    Member Spyware Fighter Clark76's Avatar
    Join Date
    Feb 2006
    Location
    Cleveland, Ohio
    Posts
    1,359
    Points
    239


    Hello

    To remove Norton try this link: http://service1.symantec.com/SUPPORT...05033108162039

    benc

  5. #5
    Member
    Join Date
    Aug 2006
    Posts
    6
    Points
    0


    Here is my updated HijackThis log. I'm thinking the only way to fix the firewall is to reinstall Windows. Any help would be truly appreciated.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:03:41 AM, on 8/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5335.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\svslogon.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\twinnpex.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVAgent2.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVSettingsService.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVTaskManagerService.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVLibraryService.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVSchedulerService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVNetworkService.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVRecordingEngine.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVRecordingEngine.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVGuideDataLoader.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [defender] C:\\dfndrfg_8.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdfg_8.exe
    O4 - HKLM\..\Run: [nes8e811] RUNDLL32.EXE w1244b35.dll,n 0028e80f000000031244b35
    O4 - HKLM\..\Run: [{8F-FD-DA-A5-ZN}] c:\windows\system32\dwdsregt.exe CORN003
    O4 - HKLM\..\Run: [w12474f5.dll] RUNDLL32.EXE w12474f5.dll,I2 0028e80f012474f5
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinnpex.exe CORN003
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [newname] C:\\nwnmfg_8.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
    O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
    O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Demo\Ghost Recon Advanced Warfighter Demo\Support\Register\RegistrationReminder.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\twinnpex.exe
    O4 - Startup: TVHarmony AutoPilot.lnk = C:\Program Files\TVHarmony\AutoPilot.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Beyond TV Subscriber Edition.lnk = C:\Program Files\SnapStream Media\Beyond TV 3\BTVAgent2.exe
    O4 - Global Startup: VersionTracker Pro.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/do...e_Inst_Win.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.5.1.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames.aavalue.com/LFG...games_live.cab
    O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.rcninteraction.com/games/...s/exentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} (MNPerformer Class) - http://projects.synacor.com/musicnet...erSetup-sa.exe
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Print Spooler Service (SpoolSvc209) - Unknown owner - C:\WINDOWS\system32\dior4f4rxctzfms.exe
    O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe
    O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\system32\cjnr4r4zflqxou.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335


    HI

    Quote Originally Posted by Athenic
    on top of that now my windows firewall appears to be disabled permanently, making it impossible for me to play anything using punkbuster :(.
    you don't need the windows firewall enabled, you have a better firewall running :-

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    what is the connection between "making it impossible for me to play anything using punkbuster :(." and the windows firewall ?

    You have a lot of malware in your log, before we clean it, I want you to run a couple of programs ...

    CCleaner + Ewido ... you already have ewido, so no need to re-download it, but please run it according to these instructions...

    Download CCleaner from :-

    http://www.filehippo.com/download_ccleaner/ (click the download tab)

    During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

    doubleclick the ccsetup.exe file and install the program...

    After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Make sure the "windows" tab is selected

    Under "internet explorer" tick...

    Temporary internet files
    Cookies* > see Note below
    History
    Recently typed URL's
    (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
    Delete index.dat files
    Last download location
    Autocomplete form history


    under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

    Other explorer MRU's
    (leave this unticked if you DON'T want to clear lists such as the start\run list)

    under "System"

    Tick ALL these ...


    under "Advanced"

    no need to tick any of these (but you can if you want, and realise what they do)


    Applications tab...

    These will mostly clean out old log files for these applications...

    Clean:- (if you use them)

    Firefox/Mozilla (optional - leave the cookies - see note)
    Opera
    Sun Java
    ZoneAlarm

    ...
    Personally I clean everything in the applications tab... but you tick what you want...

    Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

    click "analyse" if you want to see a list of what is going to be removed, before it is removed.

    Or

    click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up

    "This process will permanently delete files from your system. Are you sure you wish to proceed?"

    click OK.

    THEN........

    Download ewido security suite install, update and run it.

    Please set up as :-

    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    2. Run Ewido --- When you run it for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    3. From the main ewido screen, click on update in the left menu, then click the Start update button.

    4. After the update finishes (the status bar at the bottom will display "Update successful")

    5. You may need to manually update the definitions which you can get HERE

    6. Exit Ewido. DO NOT scan yet.

    Boot into safemode...and scan with Ewido

    7. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

    8. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

    9. Once the ewido scan has completed, there will be a button located on the bottom of the screen called Save report.

    Important - You need to click "Save report" and Save it to your desktop, or you won't have a log

    reboot

    post a new hijackthis log + the ewido log

    cheers

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  7. #7
    Member
    Join Date
    Aug 2006
    Posts
    6
    Points
    0


    Hey, thanks so much for the help so far. I'm not sure if I have got rid of any of the spyware yet. Here are the logs:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:31:22 AM, on 8/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5335.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\svslogon.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\twinnpex.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVAgent2.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVSettingsService.exe
    C:\Program Files\Orb Networks\Orb\bin\Orb.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVTaskManagerService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVLibraryService.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVSchedulerService.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVNetworkService.exe
    C:\WINDOWS\system32\dior4f4xcio.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVRecordingEngine.exe
    C:\Program Files\SnapStream Media\Beyond TV 3\BTVRecordingEngine.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ign.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [defender] C:\\dfndrfg_8.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdfg_8.exe
    O4 - HKLM\..\Run: [nes8e811] RUNDLL32.EXE w1244b35.dll,n 0028e80f000000031244b35
    O4 - HKLM\..\Run: [{8F-FD-DA-A5-ZN}] c:\windows\system32\dwdsregt.exe CORN003
    O4 - HKLM\..\Run: [w12474f5.dll] RUNDLL32.EXE w12474f5.dll,I2 0028e80f012474f5
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinnpex.exe CORN003
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [newname] C:\\nwnmfg_8.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
    O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
    O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Demo\Ghost Recon Advanced Warfighter Demo\Support\Register\RegistrationReminder.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\twinnpex.exe
    O4 - Startup: TVHarmony AutoPilot.lnk = C:\Program Files\TVHarmony\AutoPilot.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Beyond TV Subscriber Edition.lnk = C:\Program Files\SnapStream Media\Beyond TV 3\BTVAgent2.exe
    O4 - Global Startup: VersionTracker Pro.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/do...e_Inst_Win.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.5.1.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames.aavalue.com/LFG...games_live.cab
    O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/I...ve/HS_live.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.rcninteraction.com/games/...s/exentCtl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} (MNPerformer Class) - http://projects.synacor.com/musicnet...erSetup-sa.exe
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Print Spooler Service (SpoolSvc209) - Unknown owner - C:\WINDOWS\system32\dior4f4xcio.exe
    O23 - Service: Service Logon Protocol (SVSLOG) - Unknown owner - C:\WINDOWS\svslogon.exe (file missing)
    O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\system32\cjnr4r4zflqxou.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:14:55 AM 8/10/2006

    + Scan result:



    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP786\A0128648.dll -> Adware.CommAd : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP786\A0127671.exe -> Adware.Look2Me : No action taken.
    C:\Program Files\PSLister\PSLister.exe -> Adware.PurityScan : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP789\A0132634.exe -> Backdoor.HacDef.fv : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\29DPQAHN\d209[1].exe -> Backdoor.HacDef.fw : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YNYPV4P9\d209[1].exe -> Backdoor.HacDef.fw : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP786\A0127672.exe -> Backdoor.HacDef.fw : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP789\A0131470.exe -> Backdoor.HacDef.fw : No action taken.
    C:\ppt.com -> Backdoor.HacDef.fw : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\29DPQAHN\nwnmfg_8[1].exe -> Downloader.Adload.dj : No action taken.
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP789\A0131472.exe -> Downloader.Adload.dj : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YNYPV4P9\dfndrfg_8[1].exe -> Hijacker.VB.ly : No action taken.
    C:\dsadsdad.exe -> Hijacker.VB.ly : No action taken.
    :mozilla.20:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.23:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.26:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.27:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.21:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.105:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.9:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.107:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.108:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.109:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.110:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.111:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.112:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.113:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.68:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.17:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.18:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.19:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.130:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.131:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.132:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.133:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.134:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.140:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.141:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.142:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.143:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.144:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.145:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.146:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.147:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.22:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.24:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.25:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.28:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.29:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.30:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.31:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.32:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.33:C:\Documents and Settings\Joshua Brandt-Rauf\Application Data\Mozilla\Firefox\Profiles\65napnf8.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.


    ::Report end

    I think the report was run before I applied the actions.

    As for the firewall and PunkBuster: PunkBuster uses the default firewall for some reason. If it is disabled, then it thinks I am not the administrator and it cannot look in certain files, and therefore does not allow me to play (I found this out from people with similar problems). Is there any way for me to re-enable the firewall, or can I do something with the Windows reinstall disc? Will this delete all my data? Thank you again.

  8. #8
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    Run Ewido again and have it fix everything it finds.

    Post another/new Ewido log.

    BG