Media Player 10 keeps freezing

  1. 27-12-2005  #1
    redwings0413
    redwings0413 is offline Newbie

    Media Player 10 keeps freezing

    Any help appreciated.

    Logfile of HijackThis v1.99.1
    Scan saved at 4:07:52 AM, on 12/27/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVI C~1.EXE
    C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
    C:\Program Files\COGECO Security Services\backweb\9867844\Program\fspex.exe
    C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
    C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
    C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
    C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
    C:\Program Files\COGECO Security Services\Common\FSMB32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\COGECO Security Services\Common\FCH32.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\COGECO Security Services\Common\FAMEH32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\COGECO Security Services\Common\FSM32.EXE
    C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\COGECO Security Services\FSPC\fspc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
    C:\Program Files\COGECO Security Services\FSPC\fshttps\fshttps.exe
    C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\COGECO Security Services\FSGUI\fsguiexe.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.cogeco.ca/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\COGECO Security Services\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - Unknown owner - C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVI C~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  2. 27-12-2005  #2
    Neal
    Neal is offline Dedicated Member
    Welcome to DAL,



    You have a broken internet connection.

    Go here to fix your broken internet connection;

    http://www.snapfiles.com/download/dlwinsockxpfix.html


    Download, install and run the tool.


    Then


    Internet Explorer required
    Run these two online virus scanners (Panda Activescan) following these instructions below:

    http://www.pandasoftware.com/products/activescan.htm


    Internet Explorer required
    Also this excellent(BitDefender) scanner:http://www.bitdefender.com/scan8/ie.html

    Both scanners will make a log if anything is found, please post those back here. Thanks
  3. 29-12-2005  #3
    redwings0413
    redwings0413 is offline Newbie
    I ran both scans and they both found nothing.

    Thanks
  4. 29-12-2005  #4
    redwings0413
    redwings0413 is offline Newbie
    here is a new HJTHIS log after doing what you said.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:35:13 AM, on 12/29/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVI C~1.EXE
    C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
    C:\Program Files\COGECO Security Services\backweb\9867844\Program\fspex.exe
    C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
    C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
    C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
    C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\COGECO Security Services\Common\FSMB32.EXE
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\COGECO Security Services\Common\FCH32.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\COGECO Security Services\Common\FAMEH32.EXE
    C:\Program Files\COGECO Security Services\FSPC\fspc.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\COGECO Security Services\Common\FSM32.EXE
    C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    C:\Program Files\COGECO Security Services\FSPC\fshttps\fshttps.exe
    C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\COGECO Security Services\FSGUI\fsguiexe.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.cogeco.ca/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\COGECO Security Services\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - Unknown owner - C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVI C~1.EXE
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  5. 29-12-2005  #5
    Neal
    Neal is offline Dedicated Member
    Your log is clean and scanners came up clean, may not be virus related but we will do a couple more scans. You may need to go to the XP Help section of this forum for help on media player.




    Download CCleaner from here:
    http://www.majorgeeks.com/download4191.html
    or here:
    http://www.filehippo.com/download_ccleaner.html


    1.Uncheck "Cookies" under "Internet Explorer".

    2.If you are running Firefox: ,then click on the "Applications" tab and uncheck "Cookies" under "Firefox".


    Run the tool useing windows tab only which is up front by default


    Reboot



    Then


    Please download, install, update and scan your system with the free version of Ewido trojan scanner: www.ewido.net/en/download/

    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    3. From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.

    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.


    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.


    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.


    Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal.


    Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  6. 30-12-2005  #6
    redwings0413
    redwings0413 is offline Newbie
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 8:08:34 PM, 12/29/2005
    + Report-Checksum: B0E7F5DF

    + Scan result:

    C:\Documents and Settings\COMPAQ\Cookies\compaq@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\COMPAQ\Cookies\compaq@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\COMPAQ\Local Settings\Temporary Internet Files\Content.IE5\QD5632HK\mm[1].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\COMPAQ\Local Settings\Temporary Internet Files\Content.IE5\U1N3MZLJ\mm[1].js -> Spyware.Chitika : Cleaned with backup


    ::Report End



    Logfile of HijackThis v1.99.1
    Scan saved at 8:45:00 PM, on 12/29/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVI C~1.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\COGECO Security Services\backweb\9867844\Program\fspex.exe
    C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
    C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
    C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
    C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\COGECO Security Services\Common\FSMB32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\COGECO Security Services\Common\FSM32.EXE
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\COGECO Security Services\Common\FCH32.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\COGECO Security Services\Common\FAMEH32.EXE
    C:\Program Files\COGECO Security Services\FSPC\fspc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\COGECO Security Services\FSPC\fshttps\fshttps.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\COGECO Security Services\FSGUI\fsguiexe.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.cogeco.ca/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\COGECO Security Services\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: COGECO Security Services (BackWeb Plug-in - 9867844) - Unknown owner - C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERVI C~1.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FSPC\fshttps\fshttps.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  7. 30-12-2005  #7
    Neal
    Neal is offline Dedicated Member
    Hi,

    Your log is clean.


    Search for and delete ALL FOLDER occurrences of Content.ie5 to clean up all 'Temporary Internet Files' content.



    www.kaspersky.com/virusscanner

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
    o Scan Options:
    - Scan Archives
    - Scan Mail Bases
    * Click OK
    * Now under select a target to scan:
    o Select My Computer
    * This program will start and scan your system.
    * The scan will take a while so be patient and let it run.
    * Once the scan is complete it will display if your system has been infected.
    o Now click on the Save as Text button:
    * Save the file to your desktop.
    * Copy and paste that information in your next post.
  8. 31-12-2005  #8
    redwings0413
    redwings0413 is offline Newbie
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Saturday, December 31, 2005 04:03:14
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 31/12/2005
    Kaspersky Anti-Virus database records: 168411
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 48555
    Number of viruses found: 1
    Number of infected objects: 1
    Number of suspicious objects: 0
    Duration of the scan process: 9839 sec

    Infected Object Name - Virus Name
    C:\System Volume Information\_restore{898FF6F6-FAC0-4500-BB92-71442802F496}\RP117\A0024141.0XE Infected: Trojan-Clicker.Win32.Delf.dm

    Scan process completed.
  9. 31-12-2005  #9
    Neal
    Neal is offline Dedicated Member
    That virus is under system restore and will go away when you flush your restore points.

    Is your computer running ok?

    One last scan to make sure.


    Please download SilentRunners from here:
    http://www.silentrunners.org/Silent%20Runners.zip
    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.
  10. 01-01-2006  #10
    redwings0413
    redwings0413 is offline Newbie
    Save 20% on AVG Internet Security 2012 Suite!
    The computer seems to be running fine.

    "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
    "RecordNow!" = (empty string)
    "Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PCTools"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
    "Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
    "AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data]
    "eabconfg.cpl" = "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "]
    "UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
    "HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
    "F-Secure Manager" = ""C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]
    "F-Secure TNB" = ""C:\Program Files\COGECO Security Services\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]
    "F-Secure Startup Wizard" = ""C:\Program Files\COGECO Security Services\FSGUI\FSSW.EXE" /reboot" ["F-Secure Corporation"]
    "News Service" = ""C:\Program Files\COGECO Security Services\FSGUI\ispnews.exe"" ["F-Secure Corporation"]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\RecordNow!\shlext.dll" ["Sonic Solutions"]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
    INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\COMPAQ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


    Startup items in "COMPAQ" & "All Users" startup folders:
    --------------------------------------------------------

    C:\Documents and Settings\COMPAQ\Start Menu\Programs\Startup
    "MRU-Blaster Silent Clean" -> shortcut to: "C:\Program Files\MRU-Blaster\mrublaster.exe -silent" [null data]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
    "HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
    "HP Image Zone Fast Start" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


    Enabled Scheduled Tasks:
    ------------------------

    "Scheduled scanning task" -> launches: "C:\PROGRA~1\COGECO~1\ANTI-V~1\fsav.exe /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\COGECO~1\ANTI-V~1\report.txt " ["F-Secure Corporation"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

    {200DB664-75B5-47C0-8B45-A44ACCF73C00}\
    "ButtonText" = "Web Filter"
    "CLSIDExtension" = "{D68926FD-18FD-4B0E-A1C7-917D13FAB760}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll" ["F-Secure Corporation"]

    {200DB664-75B5-47C0-8B45-A44ACCF73F01}\
    "MenuText" = "Show website &list"
    "CLSIDExtension" = "{CF06A44B-19DA-4eac-B7CF-4AB0198DD959}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll" ["F-Secure Corporation"]

    {200DB664-75B5-47C0-8B45-A44ACCF73F02}\
    "MenuText" = "&Suspend Webpage Filter"
    "CLSIDExtension" = "{878137C3-9DAC-4a48-9625-78A054E86C1E}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll" ["F-Secure Corporation"]

    {200DB664-75B5-47C0-8B45-A44ACCF73F03}\
    "MenuText" = "&Deny this website"
    "CLSIDExtension" = "{A7FC740A-AC46-46d2-9262-E368D619AD17}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll" ["F-Secure Corporation"]

    {200DB664-75B5-47C0-8B45-A44ACCF73F04}\
    "MenuText" = "&Allow this website"
    "CLSIDExtension" = "{C459289E-2150-486b-8556-12C706799CAC}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll" ["F-Secure Corporation"]

    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
    "ButtonText" = "Spyware Doctor"
    "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

    {85D1F590-48F4-11D9-9669-0800200C9A66}\
    "MenuText" = "Uninstall BitDefender Online Scanner v8"

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    COGECO Security Services, BackWeb Plug-in - 9867844, "C:\PROGRA~1\COGECO~1\backweb\9867844\Program\SERV IC~1.EXE" [null data]
    ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
    F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]
    F-Secure Gatekeeper Handler Starter, F-Secure Gatekeeper Handler Starter, ""C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe"" ["F-Secure Corp."]
    F-Secure HTTP Server, fshttps, ""C:\Program Files\COGECO Security Services\FSPC\fshttps\fshttps.exe"" ["F-Secure Corporation"]
    F-Secure Management Agent, FSMA, ""C:\Program Files\COGECO Security Services\Common\FSMA32.EXE"" ["F-Secure Corporation"]
    fsbwsys, fsbwsys, ""C:\Program Files\COGECO Security Services\backweb\9867844\program\fsbwsys.exe"" ["F-Secure Corp."]
    iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
    LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
    PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools"]
    SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monito rs\
    HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
    hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]
    Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 34 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 14 seconds.
    ---------- (total run time: 78 seconds)
+ Reply to Thread
Page 1 of 2 1 2 LastLast
« eXact searchbar (RESOLVED) | hijack this log: help me please... »