dariom70

Members
  • Content Count

    33
  • Joined

  • Last visited

Community Reputation

0 Neutral

About dariom70

  • Rank
    Advanced Member
  1. Well, thank you very much, once again! I am very glad that the problem is solved now. Thanks for the recommendations!
  2. There were no error messages. Logfile of HijackThis v1.99.1 Scan saved at 10:08:00, on 04/10/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\VRCCfgService.exe C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe C:\Program Files\RACOM\RACOM Internet Client\WlanIke.exe C:\Program Files\RACOM\RACOM Internet Client\VRCRoam.exe C:\Program Files\RACOM\RACOM Internet Client\VRCStatus.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe C:\WINNT\SYSTEM32\DWRCS.EXE C:\Program Files\ESOE\ELogSrv.exe C:\Program Files\ESOE\ESrv.exe C:\WINNT\system32\svchost.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sygate\SSA\smc.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\svchost.exe C:\Program Files\ESOE\EDMS\ECIS.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\SYSTEM32\DWRCST.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINNT\system32\hkcmd.exe C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINNT\system32\internat.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ORL\VNC\WinVNC.exe C:\Program Files\ESOE\ECC.exe C:\Program Files\ESOE\EDMS\ECP.exe C:\WINNT\system32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WINZIP\winzip32.exe C:\Documents and Settings\rbsdami\Local Settings\Temp\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [VRCNotify] C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe O4 - HKLM\..\Run: [WpsRePsw] C:\WINNT\system32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [statusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Ericsson Corporate Templates Check.lnk = C:\Program Files\Microsoft Office\Templates\1033\Ericsson Corporate Templates\CheckECorpTemplates.exe O4 - Global Startup: ESOE 2000 Client Update.lnk = C:\Program Files\ESOE2000ClientUpdate\eMsgBox.exe O4 - Global Startup: ESOE Control Center.lnk = C:\Program Files\ESOE\ECC.exe O4 - Global Startup: ESOE2000ClientUpdate2.lnk = C:\Program Files\ESOE2000ClientUpdate\ESOE2000ClientUpdate2.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RVIMsgBox.exe.lnk = C:\Program Files\RACOM\RACOM Internet Client\RVIMsgBox.exe O4 - Global Startup: Visio Viewer Update Check.lnk = C:\Program Files\Microsoft Office\Visio Viewer\VisioViewer.exe O4 - Global Startup: WinVNC.lnk = C:\Program Files\ORL\VNC\WinVNC.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Documentum Content Transfer 5.2.5 SP - http://esealmw066:8080/r8a10/wdk/contentXfer/ContentXfer.cab O16 - DPF: JavaConnect - http://sametime.ericsson.se/sametime/javac...JavaConnect.cab O16 - DPF: Sametime BC 651 - http://sametime.ericsson.se/sametime/STBro...dCastClient.cab O16 - DPF: Sametime DA 651 - http://sametime.ericsson.se/sametime/STDir...ctoryApplet.cab O16 - DPF: Sametime MRC 651 - http://sametime.ericsson.se/sametime/stmee...gRoomClient.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2226ED4E-6E9A-472E-97ED-B6D54F3B620B} (STURLConnection Control) - http://sametime.ericsson.se/sametime/javac...rlConLoader.cab O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} (STAutoAway Control) - http://sametime.ericsson.se/sametime/javac...oAwayLoader.cab O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://sametime.ericsson.se/sametime/STMee...STJNILoader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE O23 - Service: ESOE Client Inventory Service (ECIS) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\EDMS\ECIS.exe O23 - Service: ESOE Log Service (ELogSrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ELogSrv.exe O23 - Service: ESOE Process Manager (ESrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ESrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SAVRoam - symantec - c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Ericsson Access Client Configuration Support (VRCCfgService) - Ericsson Enterprise AB - C:\WINNT\system32\VRCCfgService.exe O23 - Service: Ericsson Access Client (VRCService) - Ericsson Enterprise AB - C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe
  3. After I have typed: sc delete net32b the same message showed: "Cannot find the file 'sc' (or one of its components). Make sure the path and filename are correct and that all required libraries are available" Logfile of HijackThis v1.99.1 Scan saved at 10:33:42 AM, on 10/3/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\Explorer.EXE C:\WINNT\SYSTEM32\DWRCST.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINNT\system32\hkcmd.exe C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\WINNT\system32\internat.exe C:\Documents and Settings\rbsboro\Local Settings\Application Data\Skype\Phone\Skype.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ORL\VNC\WinVNC.exe C:\Program Files\ESOE\ECC.exe C:\Program Files\ESOE\EDMS\ECP.exe C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE C:\Program Files\Microsoft Office\Office\EXCEL.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WINZIP\winzip32.exe C:\Documents and Settings\rbsboro\Local Settings\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://internal.ericsson.com/page/hub_insi...bject_areas.jsp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-proxy.ericsson.se:3132/accelerated_pac_base.pac R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.ericsson.se:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.internal.ericsson.com;*.ericsson.se;<local> R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file) O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [VRCNotify] C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe O4 - HKLM\..\Run: [WpsRePsw] C:\WINNT\system32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [statusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [skype] "C:\Documents and Settings\rbsboro\Local Settings\Application Data\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\RunServices: [Windows Kernel System Service] wkssvr.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Ericsson Corporate Templates Check.lnk = C:\Program Files\Microsoft Office\Templates\1033\Ericsson Corporate Templates\CheckECorpTemplates.exe O4 - Global Startup: ESOE 2000 Client Update.lnk = C:\Program Files\ESOE2000ClientUpdate\eMsgBox.exe O4 - Global Startup: ESOE Control Center.lnk = C:\Program Files\ESOE\ECC.exe O4 - Global Startup: ESOE2000ClientUpdate2.lnk = C:\Program Files\ESOE2000ClientUpdate\ESOE2000ClientUpdate2.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RVIMsgBox.exe.lnk = C:\Program Files\RACOM\RACOM Internet Client\RVIMsgBox.exe O4 - Global Startup: Visio Viewer Update Check.lnk = C:\Program Files\Microsoft Office\Visio Viewer\VisioViewer.exe O4 - Global Startup: WinVNC.lnk = C:\Program Files\ORL\VNC\WinVNC.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Documentum Content Transfer 5.2.5 SP - http://esealmw066:8080/r8a10/wdk/contentXfer/ContentXfer.cab O16 - DPF: JavaConnect - http://sametime.ericsson.se/sametime/javac...JavaConnect.cab O16 - DPF: Sametime BC 651 - http://sametime.ericsson.se/sametime/STBro...dCastClient.cab O16 - DPF: Sametime DA 651 - http://sametime.ericsson.se/sametime/STDir...ctoryApplet.cab O16 - DPF: Sametime MRC 651 - http://sametime.ericsson.se/sametime/stmee...gRoomClient.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2226ED4E-6E9A-472E-97ED-B6D54F3B620B} (STURLConnection Control) - http://sametime.ericsson.se/sametime/javac...rlConLoader.cab O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} (STAutoAway Control) - http://sametime.ericsson.se/sametime/javac...oAwayLoader.cab O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://sametime.ericsson.se/sametime/STMee...STJNILoader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE O23 - Service: ESOE Client Inventory Service (ECIS) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\EDMS\ECIS.exe O23 - Service: ESOE Log Service (ELogSrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ELogSrv.exe O23 - Service: ESOE Process Manager (ESrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ESrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: Microsoft Windows Internet Connections Manager (net32b) - Unknown owner - C:\WINNT\system32\net32b.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SAVRoam - symantec - c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Ericsson Access Client Configuration Support (VRCCfgService) - Ericsson Enterprise AB - C:\WINNT\system32\VRCCfgService.exe O23 - Service: Ericsson Access Client (VRCService) - Ericsson Enterprise AB - C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe
  4. It seems that everything is working just fine, now. Thank you very much for your support!
  5. Logfile of HijackThis v1.99.1 Scan saved at 09:23:51, on 29/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\VRCCfgService.exe C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe C:\Program Files\RACOM\RACOM Internet Client\WlanIke.exe C:\Program Files\RACOM\RACOM Internet Client\VRCRoam.exe C:\Program Files\RACOM\RACOM Internet Client\VRCStatus.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe C:\WINNT\SYSTEM32\DWRCS.EXE C:\Program Files\ESOE\ELogSrv.exe C:\Program Files\ESOE\ESrv.exe C:\WINNT\system32\svchost.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sygate\SSA\smc.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\svchost.exe C:\Program Files\ESOE\EDMS\ECIS.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\SYSTEM32\DWRCST.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINNT\system32\hkcmd.exe C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINNT\system32\internat.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ORL\VNC\WinVNC.exe C:\Program Files\ESOE\ECC.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\ESOE\EDMS\ECP.exe C:\WINNT\system32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\Program Files\WINZIP\winzip32.exe C:\Documents and Settings\rbsdami\Local Settings\Temp\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [VRCNotify] C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe O4 - HKLM\..\Run: [WpsRePsw] C:\WINNT\system32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [statusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Ericsson Corporate Templates Check.lnk = C:\Program Files\Microsoft Office\Templates\1033\Ericsson Corporate Templates\CheckECorpTemplates.exe O4 - Global Startup: ESOE 2000 Client Update.lnk = C:\Program Files\ESOE2000ClientUpdate\eMsgBox.exe O4 - Global Startup: ESOE Control Center.lnk = C:\Program Files\ESOE\ECC.exe O4 - Global Startup: ESOE2000ClientUpdate2.lnk = C:\Program Files\ESOE2000ClientUpdate\ESOE2000ClientUpdate2.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RVIMsgBox.exe.lnk = C:\Program Files\RACOM\RACOM Internet Client\RVIMsgBox.exe O4 - Global Startup: Visio Viewer Update Check.lnk = C:\Program Files\Microsoft Office\Visio Viewer\VisioViewer.exe O4 - Global Startup: WinVNC.lnk = C:\Program Files\ORL\VNC\WinVNC.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Documentum Content Transfer 5.2.5 SP - http://esealmw066:8080/r8a10/wdk/contentXfer/ContentXfer.cab O16 - DPF: JavaConnect - http://sametime.ericsson.se/sametime/javac...JavaConnect.cab O16 - DPF: Sametime BC 651 - http://sametime.ericsson.se/sametime/STBro...dCastClient.cab O16 - DPF: Sametime DA 651 - http://sametime.ericsson.se/sametime/STDir...ctoryApplet.cab O16 - DPF: Sametime MRC 651 - http://sametime.ericsson.se/sametime/stmee...gRoomClient.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2226ED4E-6E9A-472E-97ED-B6D54F3B620B} (STURLConnection Control) - http://sametime.ericsson.se/sametime/javac...rlConLoader.cab O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} (STAutoAway Control) - http://sametime.ericsson.se/sametime/javac...oAwayLoader.cab O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://sametime.ericsson.se/sametime/STMee...STJNILoader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE O23 - Service: ESOE Client Inventory Service (ECIS) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\EDMS\ECIS.exe O23 - Service: ESOE Log Service (ELogSrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ELogSrv.exe O23 - Service: ESOE Process Manager (ESrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ESrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: Microsoft Windows Internet Connections Manager (net32b) - Unknown owner - C:\WINNT\system32\net32b.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SAVRoam - symantec - c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Ericsson Access Client Configuration Support (VRCCfgService) - Ericsson Enterprise AB - C:\WINNT\system32\VRCCfgService.exe O23 - Service: Ericsson Access Client (VRCService) - Ericsson Enterprise AB - C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe
  6. I could not have done that. The same warning came out: "Cannot find the file 'sc' (or one of its components). Make sure the path and filename are correct and that all required libraries are available"
  7. SDFix: Version 1.26 ------------------- Scan run on: sri 27.09.2006 Time: 15:15 Microsoft Windows 2000 [Version 5.00.2195] Running from: C:\Documents and Settings\Administrator\Desktop\SDFix Stage One... Checking Services... Name: ----- lsass net32b rdriv SVKP Windows Socket System Service Path: ---- "C:\WINNT\lsass.exe" C:\WINNT\system32\net32b.exe \??\C:\WINNT\system32\rdriv.sys \??\C:\WINNT\system32\SVKP.sys "C:\WINNT\system32\dllcache\wksrvs.exe" lsass ... deleted net32b ... deleted rdriv ... deleted SVKP ... deleted Windows Socket System Service ... deleted Repairing Registry... Restoring Default Hosts File... Stage One Complete Rebooting! Stage Two... Registry Cleaning Finished... Checking For Malware Files: -------------------------- C:\WINNT\system32\i C:\WINNT\system32\net32b.exe C:\WINNT\system32\rdriv.sys C:\WINNT\system32\SVKP.SYS Backing Up and Removing any Files Found... Final Check: Remaining Services: ------------------ Remaining Files: -------------- *Any removed Files are saved in the SDFix\backups Folder* *FINISHED* Logfile of HijackThis v1.99.1 Scan saved at 16:32:16, on 27/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\VRCCfgService.exe C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe C:\Program Files\RACOM\RACOM Internet Client\WlanIke.exe C:\Program Files\RACOM\RACOM Internet Client\VRCRoam.exe C:\Program Files\RACOM\RACOM Internet Client\VRCStatus.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe C:\WINNT\SYSTEM32\DWRCS.EXE C:\Program Files\ESOE\ELogSrv.exe C:\Program Files\ESOE\ESrv.exe C:\WINNT\system32\svchost.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sygate\SSA\smc.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\svchost.exe C:\Program Files\ESOE\EDMS\ECIS.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\SYSTEM32\DWRCST.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINNT\system32\hkcmd.exe C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\WINNT\system32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINNT\system32\internat.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\WINNT\system32\msiexec.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINNT\system32\cmd.exe C:\WINNT\system32\ftp.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ORL\VNC\WinVNC.exe C:\Program Files\ESOE\ECC.exe C:\Program Files\ESOE\EDMS\ECP.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WINZIP\winzip32.exe C:\Documents and Settings\rbsdami\Local Settings\Temp\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [VRCNotify] C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe O4 - HKLM\..\Run: [WpsRePsw] C:\WINNT\system32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [statusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Ericsson Corporate Templates Check.lnk = C:\Program Files\Microsoft Office\Templates\1033\Ericsson Corporate Templates\CheckECorpTemplates.exe O4 - Global Startup: ESOE 2000 Client Update.lnk = C:\Program Files\ESOE2000ClientUpdate\eMsgBox.exe O4 - Global Startup: ESOE Control Center.lnk = C:\Program Files\ESOE\ECC.exe O4 - Global Startup: ESOE2000ClientUpdate2.lnk = C:\Program Files\ESOE2000ClientUpdate\ESOE2000ClientUpdate2.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RVIMsgBox.exe.lnk = C:\Program Files\RACOM\RACOM Internet Client\RVIMsgBox.exe O4 - Global Startup: Visio Viewer Update Check.lnk = C:\Program Files\Microsoft Office\Visio Viewer\VisioViewer.exe O4 - Global Startup: WinVNC.lnk = C:\Program Files\ORL\VNC\WinVNC.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Documentum Content Transfer 5.2.5 SP - http://esealmw066:8080/r8a10/wdk/contentXfer/ContentXfer.cab O16 - DPF: JavaConnect - http://sametime.ericsson.se/sametime/javac...JavaConnect.cab O16 - DPF: Sametime BC 651 - http://sametime.ericsson.se/sametime/STBro...dCastClient.cab O16 - DPF: Sametime DA 651 - http://sametime.ericsson.se/sametime/STDir...ctoryApplet.cab O16 - DPF: Sametime MRC 651 - http://sametime.ericsson.se/sametime/stmee...gRoomClient.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2226ED4E-6E9A-472E-97ED-B6D54F3B620B} (STURLConnection Control) - http://sametime.ericsson.se/sametime/javac...rlConLoader.cab O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} (STAutoAway Control) - http://sametime.ericsson.se/sametime/javac...oAwayLoader.cab O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://sametime.ericsson.se/sametime/STMee...STJNILoader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE O23 - Service: ESOE Client Inventory Service (ECIS) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\EDMS\ECIS.exe O23 - Service: ESOE Log Service (ELogSrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ELogSrv.exe O23 - Service: ESOE Process Manager (ESrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ESrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing) O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SAVRoam - symantec - c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Ericsson Access Client Configuration Support (VRCCfgService) - Ericsson Enterprise AB - C:\WINNT\system32\VRCCfgService.exe O23 - Service: Ericsson Access Client (VRCService) - Ericsson Enterprise AB - C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe O23 - Service: Windows Firewall (WinFWd) - Unknown owner - C:\WINNT\dllhost.exe (file missing)
  8. Logfile of HijackThis v1.99.1 Scan saved at 10:38:59, on 27/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\VRCCfgService.exe C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe C:\Program Files\RACOM\RACOM Internet Client\WlanIke.exe C:\Program Files\RACOM\RACOM Internet Client\VRCRoam.exe C:\Program Files\RACOM\RACOM Internet Client\VRCStatus.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe C:\WINNT\SYSTEM32\DWRCS.EXE C:\Program Files\ESOE\ELogSrv.exe C:\Program Files\ESOE\ESrv.exe C:\WINNT\system32\svchost.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sygate\SSA\smc.exe C:\WINNT\system32\stisvc.exe C:\Program Files\ESOE\EDMS\ECIS.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\SYSTEM32\DWRCST.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINNT\system32\hkcmd.exe C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINNT\system32\internat.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ESOE\ECC.exe C:\Program Files\ORL\VNC\WinVNC.exe C:\Program Files\ESOE\EDMS\ECP.exe C:\WINNT\system32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\Program Files\WINZIP\winzip32.exe C:\Documents and Settings\rbsdami\Local Settings\Temp\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [VRCNotify] C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe O4 - HKLM\..\Run: [WpsRePsw] C:\WINNT\system32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [statusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Ericsson Corporate Templates Check.lnk = C:\Program Files\Microsoft Office\Templates\1033\Ericsson Corporate Templates\CheckECorpTemplates.exe O4 - Global Startup: ESOE 2000 Client Update.lnk = C:\Program Files\ESOE2000ClientUpdate\eMsgBox.exe O4 - Global Startup: ESOE Control Center.lnk = C:\Program Files\ESOE\ECC.exe O4 - Global Startup: ESOE2000ClientUpdate2.lnk = C:\Program Files\ESOE2000ClientUpdate\ESOE2000ClientUpdate2.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RVIMsgBox.exe.lnk = C:\Program Files\RACOM\RACOM Internet Client\RVIMsgBox.exe O4 - Global Startup: Visio Viewer Update Check.lnk = C:\Program Files\Microsoft Office\Visio Viewer\VisioViewer.exe O4 - Global Startup: WinVNC.lnk = C:\Program Files\ORL\VNC\WinVNC.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Documentum Content Transfer 5.2.5 SP - http://esealmw066:8080/r8a10/wdk/contentXfer/ContentXfer.cab O16 - DPF: JavaConnect - http://sametime.ericsson.se/sametime/javac...JavaConnect.cab O16 - DPF: Sametime BC 651 - http://sametime.ericsson.se/sametime/STBro...dCastClient.cab O16 - DPF: Sametime DA 651 - http://sametime.ericsson.se/sametime/STDir...ctoryApplet.cab O16 - DPF: Sametime MRC 651 - http://sametime.ericsson.se/sametime/stmee...gRoomClient.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2226ED4E-6E9A-472E-97ED-B6D54F3B620B} (STURLConnection Control) - http://sametime.ericsson.se/sametime/javac...rlConLoader.cab O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} (STAutoAway Control) - http://sametime.ericsson.se/sametime/javac...oAwayLoader.cab O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://sametime.ericsson.se/sametime/STMee...STJNILoader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE O23 - Service: ESOE Client Inventory Service (ECIS) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\EDMS\ECIS.exe O23 - Service: ESOE Log Service (ELogSrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ELogSrv.exe O23 - Service: ESOE Process Manager (ESrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ESrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINNT\lsass.exe (file missing) O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing) O23 - Service: Microsoft Windows Internet Connections Manager (net32b) - Unknown owner - C:\WINNT\system32\net32b.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SAVRoam - symantec - c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Ericsson Access Client Configuration Support (VRCCfgService) - Ericsson Enterprise AB - C:\WINNT\system32\VRCCfgService.exe O23 - Service: Ericsson Access Client (VRCService) - Ericsson Enterprise AB - C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe O23 - Service: Windows Firewall (WinFWd) - Unknown owner - C:\WINNT\dllhost.exe (file missing)
  9. After I did: start==>run==>sc stop WinFWd I received the following: "Cannot find the file 'sc' (or one of its components). Make sure the path and filename are correct and that all required libraries are available" Here is the HJL: Logfile of HijackThis v1.99.1 Scan saved at 16:59:22, on 25/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\VRCCfgService.exe C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe C:\Program Files\RACOM\RACOM Internet Client\WlanIke.exe C:\Program Files\RACOM\RACOM Internet Client\VRCRoam.exe C:\Program Files\RACOM\RACOM Internet Client\VRCStatus.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe C:\WINNT\SYSTEM32\DWRCS.EXE C:\Program Files\ESOE\ELogSrv.exe C:\Program Files\ESOE\ESrv.exe C:\WINNT\system32\svchost.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sygate\SSA\smc.exe C:\WINNT\system32\stisvc.exe C:\Program Files\ESOE\EDMS\ECIS.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\SYSTEM32\DWRCST.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINNT\system32\hkcmd.exe C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINNT\system32\internat.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ORL\VNC\WinVNC.exe C:\Program Files\ESOE\ECC.exe C:\Program Files\ESOE\EDMS\ECP.exe C:\WINNT\system32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WINZIP\winzip32.exe C:\Documents and Settings\rbsdami\Local Settings\Temp\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [VRCNotify] C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe O4 - HKLM\..\Run: [WpsRePsw] C:\WINNT\system32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [statusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Ericsson Corporate Templates Check.lnk = C:\Program Files\Microsoft Office\Templates\1033\Ericsson Corporate Templates\CheckECorpTemplates.exe O4 - Global Startup: ESOE 2000 Client Update.lnk = C:\Program Files\ESOE2000ClientUpdate\eMsgBox.exe O4 - Global Startup: ESOE Control Center.lnk = C:\Program Files\ESOE\ECC.exe O4 - Global Startup: ESOE2000ClientUpdate2.lnk = C:\Program Files\ESOE2000ClientUpdate\ESOE2000ClientUpdate2.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RVIMsgBox.exe.lnk = C:\Program Files\RACOM\RACOM Internet Client\RVIMsgBox.exe O4 - Global Startup: Visio Viewer Update Check.lnk = C:\Program Files\Microsoft Office\Visio Viewer\VisioViewer.exe O4 - Global Startup: WinVNC.lnk = C:\Program Files\ORL\VNC\WinVNC.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Documentum Content Transfer 5.2.5 SP - http://esealmw066:8080/r8a10/wdk/contentXfer/ContentXfer.cab O16 - DPF: JavaConnect - http://sametime.ericsson.se/sametime/javac...JavaConnect.cab O16 - DPF: Sametime BC 651 - http://sametime.ericsson.se/sametime/STBro...dCastClient.cab O16 - DPF: Sametime DA 651 - http://sametime.ericsson.se/sametime/STDir...ctoryApplet.cab O16 - DPF: Sametime MRC 651 - http://sametime.ericsson.se/sametime/stmee...gRoomClient.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2226ED4E-6E9A-472E-97ED-B6D54F3B620B} (STURLConnection Control) - http://sametime.ericsson.se/sametime/javac...rlConLoader.cab O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} (STAutoAway Control) - http://sametime.ericsson.se/sametime/javac...oAwayLoader.cab O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://sametime.ericsson.se/sametime/STMee...STJNILoader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE O23 - Service: ESOE Client Inventory Service (ECIS) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\EDMS\ECIS.exe O23 - Service: ESOE Log Service (ELogSrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ELogSrv.exe O23 - Service: ESOE Process Manager (ESrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ESrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINNT\lsass.exe (file missing) O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing) O23 - Service: Microsoft Windows Internet Connections Manager (net32b) - Unknown owner - C:\WINNT\system32\net32b.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SAVRoam - symantec - c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Ericsson Access Client Configuration Support (VRCCfgService) - Ericsson Enterprise AB - C:\WINNT\system32\VRCCfgService.exe O23 - Service: Ericsson Access Client (VRCService) - Ericsson Enterprise AB - C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe O23 - Service: Windows Firewall (WinFWd) - Unknown owner - C:\WINNT\dllhost.exe (file missing)
  10. Hi, Thank you very much for your support. The PC works just fine, now.
  11. I did the Blacklight scan once again this morning. It did not find any file to rename. Here are new HJT log and Blacklight report. I still can not find the C:\WINNT\lsass.exe.ren. 09/12/06 10:30:33 [info]: BlackLight Engine 1.0.46 initialized 09/12/06 10:30:33 [info]: OS: 5.0 build 2195 (Service Pack 4) 09/12/06 10:30:33 [Note]: 7019 4 09/12/06 10:30:33 [Note]: 7005 0 09/12/06 10:30:35 [Note]: 7006 0 09/12/06 10:30:35 [Note]: 7011 1484 09/12/06 10:30:35 [Note]: 7026 0 09/12/06 10:30:36 [Note]: 7026 0 09/12/06 10:30:50 [Note]: FSRAW library version 1.7.1019 09/12/06 10:34:17 [Note]: 7007 0 Logfile of HijackThis v1.99.1 Scan saved at 10:41:18, on 12/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\VRCCfgService.exe C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe C:\Program Files\RACOM\RACOM Internet Client\WlanIke.exe C:\Program Files\RACOM\RACOM Internet Client\VRCRoam.exe C:\Program Files\RACOM\RACOM Internet Client\VRCStatus.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe C:\WINNT\SYSTEM32\DWRCS.EXE C:\Program Files\ESOE\ELogSrv.exe C:\Program Files\ESOE\ESrv.exe C:\WINNT\system32\svchost.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sygate\SSA\smc.exe C:\WINNT\system32\stisvc.exe C:\Program Files\ESOE\EDMS\ECIS.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\SYSTEM32\DWRCST.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINNT\system32\hkcmd.exe C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINNT\system32\internat.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ESOE\ECC.exe C:\Program Files\ORL\VNC\WinVNC.exe C:\WINNT\system32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\Program Files\ESOE\EDMS\ECP.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\system32\cmd.exe C:\WINNT\system32\msiexec.exe C:\Program Files\WINZIP\winzip32.exe C:\Documents and Settings\rbsdami\Local Settings\Temp\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [VRCNotify] C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe O4 - HKLM\..\Run: [WpsRePsw] C:\WINNT\system32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [statusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Ericsson Corporate Templates Check.lnk = C:\Program Files\Microsoft Office\Templates\1033\Ericsson Corporate Templates\CheckECorpTemplates.exe O4 - Global Startup: ESOE 2000 Client Update.lnk = C:\Program Files\ESOE2000ClientUpdate\eMsgBox.exe O4 - Global Startup: ESOE Control Center.lnk = C:\Program Files\ESOE\ECC.exe O4 - Global Startup: ESOE2000ClientUpdate2.lnk = C:\Program Files\ESOE2000ClientUpdate\ESOE2000ClientUpdate2.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RVIMsgBox.exe.lnk = C:\Program Files\RACOM\RACOM Internet Client\RVIMsgBox.exe O4 - Global Startup: Visio Viewer Update Check.lnk = C:\Program Files\Microsoft Office\Visio Viewer\VisioViewer.exe O4 - Global Startup: WinVNC.lnk = C:\Program Files\ORL\VNC\WinVNC.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Documentum Content Transfer 5.2.5 SP - http://esealmw066:8080/r8a10/wdk/contentXfer/ContentXfer.cab O16 - DPF: JavaConnect - http://sametime.ericsson.se/sametime/javac...JavaConnect.cab O16 - DPF: Sametime BC 651 - http://sametime.ericsson.se/sametime/STBro...dCastClient.cab O16 - DPF: Sametime DA 651 - http://sametime.ericsson.se/sametime/STDir...ctoryApplet.cab O16 - DPF: Sametime MRC 651 - http://sametime.ericsson.se/sametime/stmee...gRoomClient.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2226ED4E-6E9A-472E-97ED-B6D54F3B620B} (STURLConnection Control) - http://sametime.ericsson.se/sametime/javac...rlConLoader.cab O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} (STAutoAway Control) - http://sametime.ericsson.se/sametime/javac...oAwayLoader.cab O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://sametime.ericsson.se/sametime/STMee...STJNILoader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE O23 - Service: ESOE Client Inventory Service (ECIS) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\EDMS\ECIS.exe O23 - Service: ESOE Log Service (ELogSrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ELogSrv.exe O23 - Service: ESOE Process Manager (ESrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ESrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINNT\lsass.exe (file missing) O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing) O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SAVRoam - symantec - c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Ericsson Access Client Configuration Support (VRCCfgService) - Ericsson Enterprise AB - C:\WINNT\system32\VRCCfgService.exe O23 - Service: Ericsson Access Client (VRCService) - Ericsson Enterprise AB - C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe O23 - Service: Windows Firewall (WinFWd) - Unknown owner - C:\WINNT\dllhost.exe (file missing)
  12. I was not able to find C:\WINNT\Isass.exe.ren Anyway, here is what you have asked for. Logfile of HijackThis v1.99.1 Scan saved at 17:20:17, on 11/09/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\VRCCfgService.exe C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe C:\Program Files\RACOM\RACOM Internet Client\WlanIke.exe C:\Program Files\RACOM\RACOM Internet Client\VRCRoam.exe C:\Program Files\RACOM\RACOM Internet Client\VRCStatus.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe C:\WINNT\SYSTEM32\DWRCS.EXE C:\Program Files\ESOE\ELogSrv.exe C:\Program Files\ESOE\ESrv.exe C:\WINNT\system32\svchost.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sygate\SSA\smc.exe C:\WINNT\system32\stisvc.exe C:\Program Files\ESOE\EDMS\ECIS.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\SYSTEM32\DWRCST.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINNT\system32\hkcmd.exe C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINNT\system32\internat.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\ESOE\ECC.exe C:\Program Files\ORL\VNC\WinVNC.exe C:\WINNT\system32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE C:\Program Files\ESOE\EDMS\ECP.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WINZIP\winzip32.exe C:\Documents and Settings\rbsdami\Local Settings\Temp\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe O4 - HKLM\..\Run: [VRCNotify] C:\Program Files\RACOM\RACOM Internet Client\VRCNotify.exe O4 - HKLM\..\Run: [WpsRePsw] C:\WINNT\system32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [statusClient 2.5] C:\Program Files\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Ericsson Corporate Templates Check.lnk = C:\Program Files\Microsoft Office\Templates\1033\Ericsson Corporate Templates\CheckECorpTemplates.exe O4 - Global Startup: ESOE 2000 Client Update.lnk = C:\Program Files\ESOE2000ClientUpdate\eMsgBox.exe O4 - Global Startup: ESOE Control Center.lnk = C:\Program Files\ESOE\ECC.exe O4 - Global Startup: ESOE2000ClientUpdate2.lnk = C:\Program Files\ESOE2000ClientUpdate\ESOE2000ClientUpdate2.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RVIMsgBox.exe.lnk = C:\Program Files\RACOM\RACOM Internet Client\RVIMsgBox.exe O4 - Global Startup: Visio Viewer Update Check.lnk = C:\Program Files\Microsoft Office\Visio Viewer\VisioViewer.exe O4 - Global Startup: WinVNC.lnk = C:\Program Files\ORL\VNC\WinVNC.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Documentum Content Transfer 5.2.5 SP - http://esealmw066:8080/r8a10/wdk/contentXfer/ContentXfer.cab O16 - DPF: JavaConnect - http://sametime.ericsson.se/sametime/javac...JavaConnect.cab O16 - DPF: Sametime BC 651 - http://sametime.ericsson.se/sametime/STBro...dCastClient.cab O16 - DPF: Sametime DA 651 - http://sametime.ericsson.se/sametime/STDir...ctoryApplet.cab O16 - DPF: Sametime MRC 651 - http://sametime.ericsson.se/sametime/stmee...gRoomClient.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2226ED4E-6E9A-472E-97ED-B6D54F3B620B} (STURLConnection Control) - http://sametime.ericsson.se/sametime/javac...rlConLoader.cab O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} (STAutoAway Control) - http://sametime.ericsson.se/sametime/javac...oAwayLoader.cab O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://sametime.ericsson.se/sametime/STMee...STJNILoader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eemea.ericsson.se O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE O23 - Service: ESOE Client Inventory Service (ECIS) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\EDMS\ECIS.exe O23 - Service: ESOE Log Service (ELogSrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ELogSrv.exe O23 - Service: ESOE Process Manager (ESrv) - Hewlett-Packard Sverige AB - C:\Program Files\ESOE\ESrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINNT\lsass.exe (file missing) O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: Windows Genuine Advantage Registration Service (net32a) - Unknown owner - C:\WINNT\system32\net32a.exe (file missing) O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: SAVRoam - symantec - c:\PROGRA~1\SYMANT~1\SYMANT~1\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Ericsson Access Client Configuration Support (VRCCfgService) - Ericsson Enterprise AB - C:\WINNT\system32\VRCCfgService.exe O23 - Service: Ericsson Access Client (VRCService) - Ericsson Enterprise AB - C:\Program Files\RACOM\RACOM Internet Client\VRCService.exe O23 - Service: Windows Firewall (WinFWd) - Unknown owner - C:\WINNT\dllhost.exe (file missing) 09/11/06 16:55:22 [info]: BlackLight Engine 1.0.46 initialized 09/11/06 16:55:22 [info]: OS: 5.0 build 2195 (Service Pack 4) 09/11/06 16:55:28 [Note]: 7019 4 09/11/06 16:55:28 [Note]: 7005 0 09/11/06 16:55:36 [Note]: 7006 0 09/11/06 16:55:37 [Note]: 7011 1716 09/11/06 16:55:37 [Note]: 7026 0 09/11/06 16:55:37 [Note]: 7026 0 09/11/06 16:55:37 [Note]: 7024 3 09/11/06 16:55:37 [info]: Hidden process: C:\WINNT\lsass.exe 09/11/06 16:55:37 [Note]: FSRAW library version 1.7.1019 09/11/06 17:01:38 [Note]: 7002 0 09/11/06 17:01:38 [Note]: 7003 1 09/11/06 17:02:26 [Note]: 7007 0
  13. Here is the fsbl.log. 09/11/06 08:09:29 [info]: BlackLight Engine 1.0.46 initialized 09/11/06 08:09:29 [info]: OS: 5.0 build 2195 (Service Pack 4) 09/11/06 08:09:29 [Note]: 7019 4 09/11/06 08:09:29 [Note]: 7005 0 09/11/06 08:09:44 [Note]: 7006 0 09/11/06 08:09:44 [Note]: 7011 2444 09/11/06 08:09:44 [Note]: 7026 0 09/11/06 08:09:44 [Note]: 7026 0 09/11/06 08:09:44 [Note]: 7024 3 09/11/06 08:09:44 [info]: Hidden process: C:\WINNT\lsass.exe 09/11/06 08:09:44 [Note]: FSRAW library version 1.7.1019 09/11/06 08:15:06 [Note]: 7002 0 09/11/06 08:15:06 [Note]: 7003 1
  14. Here it is. rbsdami - Sat 09/09/2006 13:33:00.04 ComboFix 06.09.04BT - Running from: C:\Documents and Settings\rbsdami\Desktop Microsoft Windows 2000 [Version 5.00.2195] ((((((((((((((((((((((((((((((( Files Created from 2006-08-09 to 2006-09-09 )))))))))))))))))))))))))))))))))) 2006-09-09 12:52 7,168 --a------ C:\WINNT\system32\rdriv.sys 2006-08-29 10:08 1,093,632 --------- C:\WINNT\lsass.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-04 13:33 -------- d-------- C:\Documents and Settings\rbsdami\Application Data\Real 2006-08-31 11:35 -------- d-a------ C:\Program Files\ewido anti-spyware 4.0 2006-08-31 09:21 -------- d-------- C:\Documents and Settings\rbsdami\Application Data\Help 2006-08-28 10:24 -------- d-------- C:\Program Files\Windows SyncroAd (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe /logon" "vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe" "IgfxTray"="C:\\WINNT\\system32\\igfxtray.exe" "HotKeysCmds"="C:\\WINNT\\system32\\hkcmd.exe" "VRCNotify"="C:\\Program Files\\RACOM\\RACOM Internet Client\\VRCNotify.exe" @="" "WpsRePsw"="C:\\WINNT\\system32\\spool\\DRIVERS\\W32X86\\2\\WpsRePsw.EXE" "StatusClient 2.5"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\Apache Tomcat 4.0\\webapps\\Toolbox\\StatusClient\\StatusClient.exe /auto" "TomcatStartup 2.5"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\hpbpsttp.exe" "SmcService"="C:\\PROGRA~1\\Sygate\\SSA\\smc.exe -startgui" "OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\"" "NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Internat.exe"="internat.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000001 "legalnoticecaption"="Important Legal Notice (v.1.0)" "legalnoticetext"="These computer resources,specifically Internet access and E-mail,are provided for authorized users only. For legal,security and cost reasons,utilization and access of resources are monitored and recorded in log files. All information (whether business or personal) that is created,received,downloaded,stored,sent or otherwise processed can be accessed,reviewed,copied,recorded or deleted by Ericsson,in accordance with approved internal procedures,at any time if deemed necessary or appropriate,and without advance notice. Any evidence of unauthorized access or misuse of Ericsson resources may result in disciplinary actions,including termination of employment or assignment,and could subject a user to criminal prosecution. Your use of Ericsson's computer resources constitutes your consent to Ericsson's Policies and Directives,including the provisions stated above. IF YOU ARE NOT AN AUTHORIZED USER,PLEASE EXIT IMMEDIATELY" "shutdownwithoutlogon"=dword:00000001 "RunLogonScriptSync"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 "ForceStartMenuLogOff"=dword:00000001 "NoWindowsUpdate"=dword:00000001 "NoWelcomeScreen"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000003 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00002002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,10,03,00,00,1f,00,00,00,e0,00,00,00,d6,00,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "internat.exe"="internat.exe" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] "^SetupICWDesktop"="" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices] "Windows Kernel System Service"="wkssvr.exe" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{6129C408-54BF-4A2B-AA6C-9CC5E737261F}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" Completion time: Sat 2006-09-09 13:36:06.28 ComboFix.txt ComboFix2.txt ComboFix3.txt