
Help Remove Winfixer And Adultfriendfinder



#1 chrisyee

chrisyee

  • Members
  • 9 posts

Posted 12 January 2006 - 09:09 PM

Winfixer and Adultfriendfinder keep popping up when I sign on to the internet. How can I remove them?

Logfile of HijackThis v1.99.1
Scan saved at 6:06:18 PM, on 1/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\msoftconf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\skp.exe
c:\goaway.exe
c:\goaway.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\System32\mlljh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\Run: [Microsoft Configure 32] msoftconf.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Microsoft Configure 32] msoftconf.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Microsoft Configure 32] msoftconf.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112921850718
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07E2C08D-569A-48FB-977E-53B5628F1C16}: NameServer = 65.106.0.254 65.106.7.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07E2C08D-569A-48FB-977E-53B5628F1C16}: NameServer = 65.106.0.254 65.106.7.254
O20 - Winlogon Notify: mlljh - C:\WINDOWS\System32\mlljh.dll
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\skp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 15 January 2006 - 11:48 AM

Hi chrisyee and Welcome to the Bleeping Computer!

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates


Please post the contents of C:\vundofix.txt-> the WinPFind log-> results from Panda Scan and a new HiJackThis log.

#3 chrisyee

chrisyee
  • Topic Starter

  • Members
  • 9 posts

Posted 26 January 2006 - 01:48 AM

Sorry for the late response. Here is my vundofix.txt, the WinPFind log, results from Panda Scan, and a new HiJackThis log.

Thank you for your help!


VundoFix V4.0

Listing files found while scanning....

C:\WINDOWS\System32\mlljh.dll
C:\WINDOWS\System32\hjllm.ini
C:\WINDOWS\System32\hjllm.bak1
C:\WINDOWS\System32\hjllm.bak2
C:\WINDOWS\System32\hjllm.ini2
C:\WINDOWS\System32\hjllm.tmp

C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.tmp
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini2
C:\WINDOWS\system32\mlljh.dll
Attempting to delete C:\WINDOWS\System32\mlljh.dll
C:\WINDOWS\System32\mlljh.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\hjllm.ini
C:\WINDOWS\System32\hjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\hjllm.bak1
C:\WINDOWS\System32\hjllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\hjllm.bak2
C:\WINDOWS\System32\hjllm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\hjllm.ini2
C:\WINDOWS\System32\hjllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\hjllm.tmp
C:\WINDOWS\System32\hjllm.tmp Has been deleted!

Performing Repairs to the registry.
Done!
VundoFix V4.0

Listing files found while scanning....


VundoFix V4.0

Listing files found while scanning....


VundoFix V4.0

Listing files found while scanning....


***************************************************************************

WinPFind v1.4.1

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...
UPX! 5/15/2005 10:42:14 AM 59777 C:\asd3.exe
UPX! 5/1/2005 9:51:22 PM 26112 C:\sdas.exe
UPX! 5/7/2005 11:16:10 PM 59775 C:\sds.exe
UPX! 10/9/2005 8:46:02 PM 175063 C:\SystemGaurds32.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
FSG! 8/26/2005 11:53:40 PM RHS 62381 C:\WINDOWS\windupdate.exe

Checking %System% folder...
UPX! 7/9/2005 1:03:06 AM 433152 C:\WINDOWS\SYSTEM32\aswBoot.exe
PEC2 8/29/2002 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 8/23/2005 5:21:48 PM 64000 C:\WINDOWS\SYSTEM32\eraseme_02814.exe
FSG! 10/4/2005 3:24:18 PM 62381 C:\WINDOWS\SYSTEM32\eraseme_06038.exe
FSG! 10/4/2005 9:15:16 PM 62381 C:\WINDOWS\SYSTEM32\eraseme_12874.exe
FSG! 9/17/2005 9:51:54 AM 39784 C:\WINDOWS\SYSTEM32\eraseme_13508.exe
FSG! 9/16/2005 9:19:34 AM 62381 C:\WINDOWS\SYSTEM32\eraseme_17372.exe
FSG! 9/22/2005 6:05:36 PM 62381 C:\WINDOWS\SYSTEM32\eraseme_26623.exe
aspack 8/23/2005 3:39:12 PM 64000 C:\WINDOWS\SYSTEM32\eraseme_36604.exe
FSG! 10/4/2005 9:21:16 PM 62381 C:\WINDOWS\SYSTEM32\eraseme_43318.exe
FSG! 10/2/2005 9:13:42 PM 62381 C:\WINDOWS\SYSTEM32\eraseme_44026.exe
FSG! 9/5/2005 9:14:36 PM 62381 C:\WINDOWS\SYSTEM32\eraseme_63121.exe
FSG! 10/2/2005 5:20:04 PM 62381 C:\WINDOWS\SYSTEM32\eraseme_78084.exe
FSG! 9/16/2005 9:48:18 PM 62381 C:\WINDOWS\SYSTEM32\eraseme_78624.exe
FSG! 10/2/2005 5:36:34 PM 62381 C:\WINDOWS\SYSTEM32\eraseme_83461.exe
PTech 8/29/2005 12:27:12 PM 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 5/7/2005 9:51:36 AM 1043800 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/7/2005 9:51:36 AM 1043800 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 1/8/2006 8:44:52 PM RHS 98304 C:\WINDOWS\SYSTEM32\msgconfigre.exe
UPX! 8/29/2002 4:00:00 AM RHS 98304 C:\WINDOWS\SYSTEM32\msoftconf.exe
Umonitor 8/29/2002 4:00:00 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 7/18/2005 9:42:52 PM R 9216 C:\WINDOWS\SYSTEM32\TFTP3100
winsync 8/29/2002 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

UPX! 9/21/2005 8:50:20 PM 892818 C:\WINDOWS\SYSTEM32\drivers\etc\winpit4.exe
aspack 2/2/2003 2:02:38 PM 15360 C:\WINDOWS\SYSTEM32\drivers\etc\systemp\tlist.exe

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/25/2006 9:14:52 PM S 2048 C:\WINDOWS\bootstat.dat
12/27/2005 5:50:12 PM H 0 C:\WINDOWS\LastGood\INF\dxbda.inf
12/27/2005 5:50:12 PM H 0 C:\WINDOWS\LastGood\INF\dxbda.PNF
12/27/2005 5:50:10 PM H 0 C:\WINDOWS\LastGood\INF\dxdllreg.inf
12/27/2005 5:50:10 PM H 0 C:\WINDOWS\LastGood\INF\dxdllreg.PNF
12/27/2005 5:49:40 PM H 0 C:\WINDOWS\LastGood\INF\dxxp.inf
12/27/2005 5:49:40 PM H 0 C:\WINDOWS\LastGood\INF\dxxp.PNF
1/11/2006 6:27:50 PM H 0 C:\WINDOWS\LastGood\INF\oem10.inf
1/11/2006 6:27:50 PM H 0 C:\WINDOWS\LastGood\INF\oem10.PNF
1/16/2006 6:21:02 PM H 0 C:\WINDOWS\LastGood\INF\oem11.inf
1/16/2006 6:21:02 PM H 0 C:\WINDOWS\LastGood\INF\oem11.PNF
1/11/2006 6:27:50 PM H 0 C:\WINDOWS\LastGood\INF\oem9.inf
1/11/2006 6:27:50 PM H 0 C:\WINDOWS\LastGood\INF\oem9.PNF
1/8/2006 8:44:52 PM RHS 98304 C:\WINDOWS\system32\msgconfigre.exe
1/25/2006 9:14:46 PM H 8192 C:\WINDOWS\system32\config\default.LOG
1/25/2006 9:15:10 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
1/25/2006 9:14:54 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
1/25/2006 9:16:02 PM H 94208 C:\WINDOWS\system32\config\software.LOG
1/25/2006 9:14:52 PM H 806912 C:\WINDOWS\system32\config\system.LOG
1/3/2006 4:34:20 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\85b616d7-b8d3-411d-bc9d-6c301eb2d2c9
1/3/2006 4:34:20 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
1/25/2006 9:13:40 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/29/2002 4:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 1:03:24 PM 167704 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 578560 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 129024 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 121856 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
11/28/2005 5:05:22 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
4/4/2005 2:57:14 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
4/7/2005 11:20:30 AM 1777 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
4/10/2005 4:57:26 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
4/4/2005 7:47:48 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
4/4/2005 2:57:14 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
4/4/2005 7:47:48 AM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Program Files\SpywareGuard\spywareguard.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
NeroCheck C:\WINDOWS\system32\NeroCheck.exe
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
Compaq32 Service Drivers msconfig32.exe
Microsoft Configure 32 msoftconf.exe
NI.UWFX6_0001_N57M0912 "C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX6_0001_N57M0912NetInstaller.exe" -nag

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
Compaq32 Service Drivers msconfig32.exe
Microsoft Configure 32 msoftconf.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/25/2006 9:21:21 PM



***************************************************************************


Panda Scan


Incident Status Location

Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.4\UWFX6_0001_N57M0912NETINSTALLER.EXE
Virus:Trj/LowZones.OH Disinfected Operating system
Hacktool:hacktool/rootkit.a!cme-96 Not disinfected C:\WINDOWS\SYSTEM32\rdriv.sys
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWFX6_0001_N57M0912NetInstaller.exe
Adware:adware/topspyware Not disinfected C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmplayer.exe.tmp
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/startpage.amb Not disinfected C:\Documents and Settings\TEST\Favorites\Health
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\TEST\Cookies\test@adultfriendfinder[2].txt
Virus:Trj/Multidropper.AIP Disinfected C:\asd3.exe
Spyware:Cookie/TopConvert Not disinfected C:\Documents and Settings\LocalService\Cookies\system@xtrigger.topconverting[1].txt
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\d[1].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\d[1].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\d[1].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[1].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[1].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[1].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[2].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[2].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[2].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[3].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[3].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[3].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[4].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[4].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[4].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[5].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[5].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[5].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[6].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[6].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[6].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[8].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[8].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lgs[8].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lg[1].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lg[1].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\lg[1].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\upd2[1].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\upd2[1].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\upd2[1].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\upd[1].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\upd[1].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7XZ25O56\upd[1].exe[kans.reg]
Virus:Backdoor Program.AP Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\aim[1].exe
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\gc[2].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\gc[2].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\gc[2].exe[kansup.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lc[1].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lc[1].exe[kansup.reg]
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lc[1].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[1].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[1].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[1].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[2].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[2].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[2].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[3].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[3].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[3].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[4].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[4].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[4].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[7].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[7].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[7].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[8].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[8].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\lgs[8].exe[update.html]
Virus:Bck/Aimbot.I Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BEEVDD0T\ny[1].exe
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\d[1].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\d[1].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\d[1].exe[update.html]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\d[2].exe
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\d[2].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\d[2].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\d[2].exe[update.html]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\d[3].exe
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\d[3].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\d[3].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\d[3].exe[update.html]
Virus:Trj/Multidropper.AIP Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\ioi3[1].exe
Virus:Trj/Multidropper.AIP Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\ioi3[2].exe
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\lgs[1].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\lgs[1].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\lgs[1].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\lgs[2].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\lgs[2].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\lgs[2].exe[update.html]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\lgs[4].exe[kans.reg]
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TU05CM5X\lgs[4].exe[kansup.reg]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\LocalService\Lo

#4 Guest_Cretemonster_*

Posted 26 January 2006 - 04:53 AM

If you will, post the entire Panda log and a fresh HijackThis log.

Please do your best to avoid any unneeded internet activity until we can get through the next post.



