Adware, Spyware And Virus


  • This topic is locked
13 replies to this topic

#1 squadra

squadra

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 22 May 2006 - 01:56 AM

Hello,

Thanks to topic 43659 I could fix the SpyFalcon problem.

SpyFalcon disappeared and I can open IE on my favourite page, but I still have two pop-up windows that open when I use IE. They are ULWindowSeek and ULWindowUrl. In addition to this, most of the programs run really slowly (MSN Messenger doesn't open, games run very slowly, etc.) and I cannot open links or pictures in web pages nor use things which require Java applications.
I have tried all the programs you recommended but I still have the problem (adware, spy search and destroy, panda, mcafee, etc.).
Using a local program, it appears that I have 2 ad/spy and 1 virus (A/DLR, A/MS, BotGen), but I do not know if the program is good. (The BotGen was in System32 in the file stdole3.tlb; I started in safe mode and deleted the file, but it appeared again.)
I will try everything I can to fix the problem in order to avoid reinstalling Windows. Please, I need some help.

This is my HijackThis Log File

Logfile of HijackThis v1.99.1
Scan saved at 02:48:50 a.m., on 22/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Archivos de programa\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Documents and Settings\xxx\Escritorio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp1B9C.tmp (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [XwdSla] C:\Archivos de programa\Lucent Technologies\WIAS\Bin\XwdSla.exe /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Archivos de programa\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138234744718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00E5C99B-DEA7-4C5E-ACFF-5E0B8A47AB52}: NameServer = 200.45.191.35 200.45.191.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{00E5C99B-DEA7-4C5E-ACFF-5E0B8A47AB52}: NameServer = 200.45.191.35 200.45.191.40
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Thank you for your help.
squadra



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:21 AM

Posted 23 May 2006 - 10:59 PM

Hello squadra,

Welcome to Bleeping Computer. :thumbsup:

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\SYSTEM32\winrkq32.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 squadra

squadra
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 24 May 2006 - 12:38 AM

Hello teacup61,

Thank you for your help.

I downloaded The Avenger and followed your instructions… but when I clicked on the Green Light to begin execution of the script, the message “Error: selected file does not appear to be a valid script” (Error code: 0) appeared. (I’ve tried three times.)

I paste the c:\avenger.txt and a fresh HJT log

Avenger.txt
Avenger Pre-Processor log
//////////////////////////////////////////
Error: selected file does not appear to be a valid script.
Error code: 0


Logfile of HijackThis v1.99.1
Scan saved at 02:24:39 a.m., on 24/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\mHotkey.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Archivos de programa\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [XwdSla] C:\Archivos de programa\Lucent Technologies\WIAS\Bin\XwdSla.exe /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Archivos de programa\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138234744718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe



I will wait for your new instructions.
Thank you again
Squadra
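
Added example (not part of the original posts, and not code from HijackThis or The Avenger): a short Python comparison of the two HijackThis logs posted in this thread, showing which entries are no longer listed on 24 May and which are still present, including the O20 winrkq32 entry that the Avenger script in post #2 targets. The function names and section descriptions are assumptions of this example; the log lines are excerpts copied from the two logs above.

```python
import re

# A HijackThis entry line starts with a section code (R0, R1, O2, O20, ...)
# followed by " - " and the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Short descriptions for the section codes used in the excerpts below.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O17": "DNS / name server setting",
    "O20": "AppInit_DLLs / Winlogon Notify",
}

# Excerpt of the log posted 22 May 2006 (post #1).
LOG_22_MAY = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp1B9C.tmp (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00E5C99B-DEA7-4C5E-ACFF-5E0B8A47AB52}: NameServer = 200.45.191.35 200.45.191.40
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
"""

# Excerpt of the log posted 24 May 2006 (post #3).
LOG_24_MAY = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
"""


def parse_hjt(log_text):
    """Return the set of (section_code, entry_text) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Compare two logs: entries gone, entries still present, entries new."""
    old, new = parse_hjt(before), parse_hjt(after)
    return {
        "gone": sorted(old - new),
        "persisted": sorted(old & new),
        "new": sorted(new - old),
    }


def persisting(diff, codes):
    """Entries present in both logs whose section code is in `codes`."""
    return [entry for entry in diff["persisted"] if entry[0] in codes]


if __name__ == "__main__":
    result = diff_logs(LOG_22_MAY, LOG_24_MAY)
    for state in ("gone", "persisted", "new"):
        print(state.upper())
        for code, text in result[state]:
            print(f"  [{code}: {SECTIONS.get(code, 'other')}] {text}")
```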

#4 squadra

squadra
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:21 AM

Posted 24 May 2006 - 12:58 AM

On the same web page where I downloaded HJT, I did the same with the program SpyOnThis. I used it and a lot of spyware, hostile ActiveX, carding, hijacker, etc. appeared. I paste the result; I don’t know if the program is high-quality or useful.
I’m sorry if the information is irrelevant.


Scan started : 24/05/2006 02:48:58 a.m.

Total items scanned : 21708
Objects found : 98
Objects ignored : 0

RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{0ec7cf46-c5b4-480c-8f94-eb34b98ccf44}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{17127a1c-1c1b-4430-b042-e1ca653d68e2}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{1ae63cf9-7c7a-49c8-8475-961ddd2b230a}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{1d4ee8ca-9b69-4c8f-8e7b-3e2940b329fa}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2b54bd2f-78c0-4eaf-8347-7f37454fc61d}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{450a8754-6700-4170-8263-252e9a86de06}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{57c469e8-923a-4623-bc67-d9e18c97a2ed}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{58a7073d-4ec4-46a9-bdbd-fddcc47544ee}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{7250994f-210d-4abc-8c4d-b2c014529fd8}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{7852e0ff-f138-434e-bc32-760d05debb33}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{7e4de558-ebd9-4373-a34c-523d23b9eddb}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{af60118d-901b-4add-97d8-1676ec3a7cea}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{c14b4055-a29b-420c-9d24-71c04956189c}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{c3516ef2-41d5-4e97-8688-77ada93fb0eb}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{c6a02de1-73ef-463a-8566-bd7af8b63f88}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{ce6e551b-b8f9-4b24-81fd-59d9162da495}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{db0aad08-ca9f-4c1e-b4e1-ad3d63ee20f9}
RiskLevel: 1

EUniverse object found!!!
Object: EUniverse
Class: REGKEY
Type: SPYWARE
FoundIn: HKEY_LOCAL_MACHINE:Software\Microsoft\Internet Explorer\ActiveX Compatibility\{dfaba77c-f8bb-4ab9-bed7-7d48ae103e24}
RiskLevel: 1

Dialer object found!!!
Object: Dialer
Class: REGKEY
Type: BROWSER HELPER OBJECT
FoundIn: HKEY_CURRENT_USER:SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\TRUST DATABASE\0
RiskLevel: 1


Thank you.
squadra

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:21 AM

Posted 24 May 2006 - 10:39 AM

Did you copy everything in the quote box to clipboard? You have to copy the "files to delete" also, not just the file name.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#6 squadra

Posted 24 May 2006 - 05:31 PM

I’m sorry; I have done it well now. (Anything changed)

I paste the c:\avenger.txt and a fresh HJT log


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hmndodhb

*******************

Script file located at: \??\C:\ftfqyoau.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\winrkq32.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of HijackThis v1.99.1
Scan saved at 07:21:46 p.m., on 24/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\mHotkey.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Archivos de programa\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [XwdSla] C:\Archivos de programa\Lucent Technologies\WIAS\Bin\XwdSla.exe /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Archivos de programa\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138234744718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Thanks

#7 teacup61

Posted 24 May 2006 - 05:46 PM

Hi there,

Nothing to be sorry about! :thumbsup: You did a great job. :flowers: This is new to you, and sometimes it seems confusing, but you did great! :huh:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)


Close all browser and other windows except for HijackThis!, and click "Fix Checked".

Reboot your computer

Use Cleanmgr to clean temporary files:

1. Click > start > run and type cleanmgr and click OK
2. Scan your system for files to remove.
3. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
4. Click OK to remove those files.
5. Click Yes to confirm deletion.

Please download, install, and update the free version of Ewido Anti-Malware:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run Ewido for the first time, you might get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main Ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes, the status bar at the bottom will display "Update successful"
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
  • Close Ewido
In your reply, please let me see the log from Ewido, and a new HijackThis log. How is your computer running now?

Thanks,
tea

#8 squadra

Posted 24 May 2006 - 07:02 PM

Thank you for your help.

I've done everything.
The reports seem good, but I still have the same problems. I hope you can find what is happening.

Other program I had used shows now only one adware A/MS ( Reporte - TROYAN EXPLORE 5.15 –
Report
AD: A/MS
C:\WINDOWS\DOWNLOADED PROGRAM FILES/*initial*.inf
Before doing all you told me, appeared other things, now only that.

I can’t open different programs. The same with the msn or java applications. And surfing on the web I can’t open things in a new window or open some links, etc.


I paste the Ewido and a new HijackThis log


ewido anti-malware - Report de exploración
---------------------------------------------------------

+ Creado en: 08:35:10 p.m., 24/05/2006
+ Report-Checksum: C7D1FF48

+ Scan result:

C:\avenger\backup.zip/avenger/winrkq32.dll -> Downloader.Small.cml : Limpio con backup
C:\Documents and Settings\xxx\Cookies\xxx@data3.perf.overture[1].txt -> TrackingCookie.Overture : Limpio con backup
C:\Documents and Settings\xxx\Cookies\xxx@overture[1].txt -> TrackingCookie.Overture : Limpio con backup
C:\Documents and Settings\xxx\Cookies\xxx@perf.overture[1].txt -> TrackingCookie.Overture : Limpio con backup
C:\WINDOWS\Downloaded Program Files\rdgAR2404.exe -> Downloader.Small.ayl : Limpio con backup
C:\WINDOWS\temp\win13C.tmp.exe -> Trojan.Dialer.oy : Limpio con backup
C:\WINDOWS\temp\win140.tmp.exe -> Trojan.Dialer.oy : Limpio con backup
C:\WINDOWS\temp\win5F.tmp.exe -> Trojan.Dialer.oy : Limpio con backup
C:\WINDOWS\temp\win63.tmp.exe -> Trojan.Dialer.oy : Limpio con backup
C:\WINDOWS\temp\win67.tmp.exe -> Trojan.Dialer.oy : Limpio con backup


::Fin Report

Logfile of HijackThis v1.99.1
Scan saved at 08:40:12 p.m., on 24/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\mHotkey.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Archivos de programa\Nikon\PictureProject\NkbMonitor.exe
C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [XwdSla] C:\Archivos de programa\Lucent Technologies\WIAS\Bin\XwdSla.exe /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Archivos de programa\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138234744718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
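
A way to confirm the "Fix Checked" step from post #7 against the two HijackThis logs above, as an added example that is not part of the original thread: it parses the entry lines, diffs the earlier log against the later one, and reports any requested fix that is still present. The log excerpts are copied from the posts above; the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0, R1, O2, O4, O20, O23, ...)
# followed by " - ". Header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the ordered list of (code, body) entries found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the earlier log, entries only in the later one."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def unresolved(fix_list_text, after_text):
    """Entries the helper asked to fix that still appear in the later log."""
    after = set(parse_entries(after_text))
    return [e for e in parse_entries(fix_list_text) if e in after]


def missing_file_entries(log_text):
    """Entries HijackThis marked '(file missing)': the registry reference outlived the file.
    This is a list of references to review, not a verdict on any of them."""
    return [e for e in parse_entries(log_text) if e[1].endswith("(file missing)")]


# Excerpt of the log saved at 07:21:46 p.m. on 24/05/2006 (post #6).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
"""

# The entries listed for "Fix Checked" in post #7.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
"""

# Excerpt of the log saved at 08:40:12 p.m. on 24/05/2006 (post #8).
AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    left = unresolved(FIX_LIST, AFTER)
    print("requested fixes still present:", len(left))
    for code, body in missing_file_entries(AFTER):
        print("file missing:", code, "-", body)
```

The `winrkq32` Winlogon Notify entry shows why the registry fix follows the file deletion: The Avenger removed the DLL, and HijackThis then reported the leftover reference as "(file missing)" until it was fixed.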

#9 teacup61

Posted 24 May 2006 - 07:22 PM

Hello,


Download the trial version of Spy Sweeper from Here


Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

Thanks,
tea

#10 squadra

Posted 24 May 2006 - 09:23 PM

Thank you so much for your time...

At the moment, it seems like all the programs run better...I have problems only with a program...I will reinstall it.

I paste the SpySweeper log


********
10:24 p.m.: | Start of Session, Miércoles, 24 de Mayo de 2006 |
10:24 p.m.: Spy Sweeper started
10:24 p.m.: Sweep initiated using definitions version 685
10:24 p.m.: Starting Memory Sweep
10:27 p.m.: Memory Sweep Complete, Elapsed Time: 00:03:12
10:27 p.m.: Starting Registry Sweep
10:27 p.m.: Found Trojan Horse: trojan agent winlogonhook
10:27 p.m.: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
10:27 p.m.: Found Adware: prosearch.com hijack
10:27 p.m.: HKLM\software\microsoft\internet explorer\main\ || search page_bak (ID = 1250789)
10:27 p.m.: Found Adware: cws-aboutblank
10:27 p.m.: HKU\S-1-5-21-1409082233-1078145449-725345543-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
10:28 p.m.: HKU\S-1-5-21-1409082233-1078145449-725345543-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
10:28 p.m.: Registry Sweep Complete, Elapsed Time:00:00:11
10:28 p.m.: Starting Cookie Sweep
10:28 p.m.: Found Spy Cookie: tribalfusion cookie
10:28 p.m.: xxx@tribalfusion[1].txt (ID = 3589)
10:28 p.m.: Cookie Sweep Complete, Elapsed Time: 00:00:01
10:28 p.m.: Starting File Sweep
10:51 p.m.: File Sweep Complete, Elapsed Time: 00:22:59
10:51 p.m.: Full Sweep has completed. Elapsed time 00:26:25
10:51 p.m.: Traces Found: 17
10:54 p.m.: Removal process initiated
10:54 p.m.: Quarantining All Traces: cws-aboutblank
10:54 p.m.: Quarantining All Traces: trojan agent winlogonhook
10:54 p.m.: Quarantining All Traces: prosearch.com hijack
10:54 p.m.: Quarantining All Traces: tribalfusion cookie
10:55 p.m.: Removal process completed. Elapsed time 00:00:26
********
10:20 p.m.: | Start of Session, Miércoles, 24 de Mayo de 2006 |
10:20 p.m.: Spy Sweeper started
10:22 p.m.: Your spyware definitions have been updated.
10:24 p.m.: | End of Session, Miércoles, 24 de Mayo de 2006 |

Thank you again...
This site is fabulous

#11 teacup61

Posted 24 May 2006 - 10:46 PM

Hello again squadra,

You're most welcome. :thumbsup: I'm very glad to know everything is running better! Muy bien! Please let me know how things go after you've spent some time online, and if any problems remain.

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

It is very important to maintain your Firewall.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

#12 squadra

Posted 01 June 2006 - 12:32 AM

Dear teacup61

I’m sorry I couldn’t answer before…but I had to travel for a couple of days and I haven’t been using the computer…My wife told me that all is running ok, but I prefer to explore by myself…
This weekend I will install all the things you mentioned in order to avoid this happening again…

I can’t update my panda antivirus from today…What do you recommend?? Change it for another free one?? Which should I use?

Now I don’t have an international valid credit card to recompense your help, but in a few days I will be traveling abroad and I hope to have the credit card…If you want I can give my mail or you can take it from my dates on the site.

Thank you again

Squadra

#13 teacup61

Posted 01 June 2006 - 01:19 AM

Hello again,

It's all right.....things happen and life just gets in the way sometimes. It is good to know the computer is running well. There are some excellent FREE Anti Virus programs. I use Avast!, and I love it. It's free, light on resources, and rated in the top ten AVs. Here are a couple of other suggestions, all of which are well recommended, so you have a choice:

AVG, Avira OR Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

Safe traveling, and please let me know if you have further questions!

tea

#14 teacup61

Posted 05 June 2006 - 11:17 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



