
Trying To Get Rid Of Spyware Strike


7 replies to this topic

#1 I like Honda

Posted 24 January 2006 - 03:21 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:13:57 PM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\prefs.js)
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpBD48.tmp (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [User Space Manager] C:\Program Files\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandr...veLauncherSetup.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56DBBBEB-7AA7-4192-9436-6FDD71D0FE19}: Domain = queensu.ca
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - (no file)
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - (no file)
O18 - Filter: text/html - {A771FB97-B13E-46E2-973A-1CF0B693D1BC} - (no file)
O20 - Winlogon Notify: NavLogon - c:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe


#2 Guest_Cretemonster_*

Posted 26 January 2006 - 05:41 PM

Hi I like Honda and Welcome to the Bleeping Computer!

Download smitRem.exe © noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on Panda ActiveScan link select "Copy Shortcut" then right click on your desktop and select "Paste Shortcut" or in FireFox right-click the link and select "Save Link As" and save it to your desktop).

Please download the trial version of ewido anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Close ewido anti-malware.

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the Check Now button.
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.

#3 I like Honda (Topic Starter)

Posted 27 January 2006 - 12:24 AM

Hey Cretemonster,

Um, I guess it's worked this time... I don't get it, haha

Here are the new scan logs.
Please have a look at them and tell me if there's something left behind.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 12:11:09 AM, on 1/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\prefs.js)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [User Space Manager] C:\Program Files\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandr...uncherSetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56DBBBEB-7AA7-4192-9436-6FDD71D0FE19}: Domain = queensu.ca
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - (no file)
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - (no file)
O18 - Filter: text/html - {A771FB97-B13E-46E2-973A-1CF0B693D1BC} - (no file)
O20 - Winlogon Notify: NavLogon - c:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe

Panda scan:





smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 01/26/2006
The current time is: 22:06:46.44

Running from
C:\Documents and Settings\David1\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SpywareStrike © by noahdfear

SpywareStrike directory present

SpywareStrike uninstaller present

Starting SpywareStrike uninstaller

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

replmap.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 764 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :thumbsup:




---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:28:51 PM, 1/26/2006
+ Report-Checksum: 84A83D8C

+ Scan result:

:mozilla.13:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.46:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.81:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.89:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.106:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.108:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.109:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.112:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.113:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.116:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.119:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.120:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.151:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.152:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.153:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.154:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.163:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.164:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.227:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.228:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.575:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.576:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.723:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.724:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.731:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.732:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.733:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.734:C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.12:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.13:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.14:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.15:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.16:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.17:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.18:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.21:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.47:C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup


::Report End

#4 Guest_Cretemonster_*

  • Guests

Posted 27 January 2006 - 06:09 AM

Were you able to run the Panda Online Scan?


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Post back with the reports from WinPFind and Panda

#5 I like Honda
  • Topic Starter

  • Members
  • 4 posts

Posted 27 January 2006 - 11:48 AM

Hey, here are the scans you asked for.

I posted a Panda scan before but there's a new one here.

It seems like the malware's gone. It's not popping up in the system tray anymore.

Let me know if you find more wrong.

Thanks!
WinPFind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 8/22/2004 4:04:56 PM 69120 C:\WINDOWS\daemon.dll
UPX! 4/25/2004 7:58:48 PM 45568 C:\WINDOWS\NavExt.dll

Checking %System% folder...
UPX! 9/17/2001 1:20:02 PM 9216 C:\WINDOWS\SYSTEM32\cpuinf32.dll
PEC2 8/23/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 11/7/2002 2:13:20 PM 221184 C:\WINDOWS\SYSTEM32\kl_upx.exe
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 1/4/2006 7:46:40 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 7:46:40 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/27/2006 10:38:20 AM S 2048 C:\WINDOWS\bootstat.dat
1/23/2006 2:50:30 PM H 10837 C:\WINDOWS\system32\MSTMON_Q.GID
11/30/2005 11:17:10 PM S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 7:12:48 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 6:09:36 PM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
1/27/2006 10:38:12 AM H 8192 C:\WINDOWS\system32\config\DEFAULT.LOG
1/27/2006 10:38:36 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
1/27/2006 10:38:22 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
1/27/2006 10:38:36 AM H 73728 C:\WINDOWS\system32\config\SOFTWARE.LOG
1/27/2006 10:38:30 AM H 1003520 C:\WINDOWS\system32\config\SYSTEM.LOG
1/26/2006 4:38:38 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
1/26/2006 4:13:02 PM H 81 C:\WINDOWS\system32\GroupPolicy\Adm\admfiles.ini
1/4/2006 6:04:12 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\db5dcfc6-3211-47c7-9226-504153d6a5cf
1/4/2006 6:04:12 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
1/27/2006 10:37:24 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
1/9/2004 6:00:20 PM 176128 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 9/28/2004 8:26:02 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Intel Corporation 6/21/2000 12:39:22 PM 49235 C:\WINDOWS\SYSTEM32\NMO.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 8/26/1996 1:12:00 AM R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 3/12/2004 3:53:44 PM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
3/6/2004 12:29:10 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
3/5/2004 7:15:08 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
1/24/2006 7:05:28 PM 2917 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
3/6/2004 12:29:10 AM HS 84 C:\Documents and Settings\David1\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
10/16/2002 8:45:50 AM R 24070 C:\Documents and Settings\David1\Application Data\ccss.ico
3/5/2004 7:15:08 PM HS 62 C:\Documents and Settings\David1\Application Data\desktop.ini
10/20/2005 3:57:40 PM 538 C:\Documents and Settings\David1\Application Data\ready_files.ini
2/8/2005 9:31:34 PM HS 4608 C:\Documents and Settings\David1\Application Data\Thumbs.db

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = c:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = c:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\system32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
User Space Manager C:\Program Files\Intel\LDCM\Bin\USM.exe
C-Media Mixer Mixer.exe /startup
ccApp "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

Motive SmartBridge C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
StandardInstall

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 7.0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Acrotray
hkey HKLM
command "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Acrotray
hkey HKLM
command "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FinePrint Dispatcher v5
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fpdisp5a
hkey HKLM
command C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fpdisp5a
hkey HKLM
command C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KONICA MINOLTA PagePro 1350WStatusDisplay
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MSTMON_Q
hkey HKLM
command C:\WINDOWS\system32\MSTMON_Q.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MSTMON_Q
hkey HKLM
command C:\WINDOWS\system32\MSTMON_Q.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Magitime
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item magitime
hkey HKLM
command C:\Program Files\Magitime\magitime.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item magitime
hkey HKLM
command C:\Program Files\Magitime\magitime.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoActiveDesktopChanges 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoAddingComponents 0
NoComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoCloseDragDropBands 0
NoMovingBands 0
NoHTMLWallPaper 0
NoChangingWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoColorChoice 0
NoSizeChoice 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0
NoDispAppearancePage 0
NoDispBackgroundPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= c:\WINDOWS\System32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/27/2006 10:47:18 AM
Panda scan:
Incident Status Location

Adware:adware/savenow Not disinfected Windows Registry
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\David1\Cookies\david1@64.62.232[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\David1\Cookies\david1@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\David1\Cookies\david1@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\David1\Cookies\david1@adopt.hbmediapro[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\David1\Cookies\david1@ask[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\David1\Cookies\david1@belnk[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\David1\Cookies\david1@c.enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\David1\Cookies\david1@c.goclick[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\David1\Cookies\david1@cassava[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\David1\Cookies\david1@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\David1\Cookies\david1@club.cdfreaks[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\David1\Cookies\david1@dist.belnk[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\David1\Cookies\david1@gostats[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\David1\Cookies\david1@go[2].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\David1\Cookies\david1@kount[2].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\David1\Cookies\david1@pop.mircx[2].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\David1\Cookies\david1@www.seeq[1].txt
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\David1\Cookies\david1@www.web-stat[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\David1\Cookies\david1@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\David1\Cookies\david1@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\David1\Cookies\david1@yadro[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[.outster.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[.kinghost.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[counter13.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[counter7.sextracker.com/]
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[.xxxcounter.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[counter8.sextracker.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.go.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.64.62.232.6/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.888.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.ask.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.belnk.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.c.goclick.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.seeq.com/]
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.www.web-stat.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.www48.seeq.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[.zedo.com/]
Adware:Adware/SpywareStrike Not disinfected C:\!KillBox\SpywareStrike\SpywareStrike.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\All Users\Documents\smitRem\Process.exe
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\uvk3zrdq.default\cookies.txt[]
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\David1\Application Data\Mozilla\Profiles\default\n0xfy2yv.slt\cookies.txt[]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\David1\Cookies\david1@64.62.232[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\David1\Cookies\david1@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\David1\Cookies\david1@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\David1\Cookies\david1@adopt.hbmediapro[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\David1\Cookies\david1@ask[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\David1\Cookies\david1@belnk[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\David1\Cookies\david1@c.enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\David1\Cookies\david1@c.goclick[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\David1\Cookies\david1@cassava[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\David1\Cookies\david1@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\David1\Cookies\david1@club.cdfreaks[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\David1\Cookies\david1@dist.belnk[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\David1\Cookies\david1@gostats[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\David1\Cookies\david1@go[2].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\David1\Cookies\david1@kount[2].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\David1\Cookies\david1@pop.mircx[2].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\David1\Cookies\david1@www.seeq[1].txt
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\David1\Cookies\david1@www.web-stat[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\David1\Cookies\david1@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\David1\Cookies\david1@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\David1\Cookies\david1@yadro[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\David1\Desktop\New Folder (2)\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\David1\Desktop\New Folder (2)\smitRem.exe[Process.exe]
Adware:Adware/CWS Not disinfected C:\WINDOWS\NavExt.dll
Potentially unwanted tool:Application/ServUBased.A Not disinfected D:\My Documents\My Music\Serv-u Ftp Server 3.0.0.1.7 + Crack.exe[SERVUDAEMON.EXE]
Potentially unwanted tool:Application/ServUBased.A Not disinfected D:\My Documents\My Music\Serv-U v4.0.0.4 (ftp server).exe[SERVUDAEMON.EXE]

#6 Guest_Cretemonster_*

Posted 28 January 2006 - 05:26 AM

Did you intentionally install these

Potentially unwanted tool:Application/ServUBased.A Not disinfected D:\My Documents\My Music\Serv-u Ftp Server 3.0.0.1.7 + Crack.exe[SERVUDAEMON.EXE]

Potentially unwanted tool:Application/ServUBased.A Not disinfected D:\My Documents\My Music\Serv-U v4.0.0.4 (ftp server).exe[SERVUDAEMON.EXE]



Also, do you have Kazaa Lite installed?
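An added triage helper, not from this thread or from the scanner vendor, that parses lines in the report format quoted in the previous post and sorts them the way the helper above did by eye: tracking cookies, leftovers of the removal tools, components that still need removing, and downloaded installers whose presence should be confirmed with the user. The sample lines, the regular expression, the folder list and the bucket names are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample in the report format quoted in the thread
# (category:detection, verdict, path, optional [inner item]); a few lines, not the full log.
SAMPLE_REPORT = """\
Spyware:Cookie/Atlas DMT Not disinfected C:\\Documents and Settings\\David1\\Application Data\\Mozilla\\Firefox\\Profiles\\uvk3zrdq.default\\cookies.txt[.atdmt.com/]
Spyware:Cookie/888 Not disinfected C:\\Documents and Settings\\David1\\Cookies\\david1@888[1].txt
Adware:Adware/SpywareStrike Not disinfected C:\\!KillBox\\SpywareStrike\\SpywareStrike.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\\Documents and Settings\\All Users\\Documents\\smitRem\\Process.exe
Adware:Adware/CWS Not disinfected C:\\WINDOWS\\NavExt.dll
Potentially unwanted tool:Application/ServUBased.A Not disinfected D:\\My Documents\\My Music\\Serv-U v4.0.0.4 (ftp server).exe[SERVUDAEMON.EXE]
"""

# Detection names may contain spaces ("Cookie/Atlas DMT"), so the detection field is
# matched non-greedily up to the verdict; the trailing [inner] is a cookie domain or archive member.
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<detection>.+?)\s+"
    r"(?P<verdict>Not disinfected|Disinfected|Deleted)\s+"
    r"(?P<path>.+?)(?:\[(?P<inner>[^\]]*)\])?$"
)

# Folders belonging to the removal tools or quarantine used in the thread (constructed list);
# hits there are leftovers of the cleanup, not live infections.
TOOL_DIRS = ("\\!killbox\\", "\\smitrem\\", "smitrem.exe")


def parse_report(text):
    """Turn report lines into dicts; lines that do not fit the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entry):
    """Heuristic priority for someone reading the log (bucket names constructed for this example)."""
    path = entry["path"].lower()
    if entry["detection"].startswith("Cookie/"):
        return "cookie"           # tracking cookie: clear the browser's cookies, no system impact
    if any(marker in path for marker in TOOL_DIRS):
        return "tool-leftover"    # removal-tool component or quarantined file: delete when finished
    if entry["inner"] is not None and path.endswith(".exe"):
        return "confirm-intent"   # detection inside a downloaded installer: ask whether it was wanted
    return "remove"               # component still on the system: needs removal


def summarize(text):
    """Count entries per bucket, to see at a glance what is left to act on."""
    return Counter(triage(e) for e in parse_report(text))
```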

#7 I like Honda (Topic Starter)

Posted 28 January 2006 - 01:04 PM

Hey Cretemonster,

Yeah, those were files I'd downloaded but never installed them. I've deleted them now.

I guess that's it then. Thanks for all your help!

#8 Guest_Cretemonster_*

Posted 28 January 2006 - 01:48 PM

Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Restart the PC.


Go ahead and Re-enable System Restore and restart the PC; this will clear out all old nasty restore points and create a nice new fresh clean one for you to fall back on should you ever need it.


It is suggested that you go and change all your passwords since some of these may have been compromised during the infection.


Read through those 3 little black links in my signature to get some extra ideas about how to avoid this in the future.


Please remember to check your AntiVirus and any Spyware Apps for updates at least twice a week


Make sure you keep your Windows Operating System up to date by visiting Windows Updates regularly to download and install any critical updates and service packs.


If you ever need us again, you know how to find us! :thumbsup:



