Infected With Various Viruses, Worms And Spyware


17 replies to this topic

#1 antmaggio

Posted 07 June 2006 - 12:03 PM

This is my HijackThis log file after running all of the AntiVirus (AVG) and multiple Anti-Spyware programs that I have. Spybot runs and moves all but 2 files. It says it can remove these 2 files at the next system restart. When I shut down and restart Windows, a message pops up (just before shutdown) that says something like ifihotfix.dll. Upon system restart, Spybot does not run first thing, and the problems regenerate. Please help!

Logfile of HijackThis v1.99.1
Scan saved at 3:39:04 AM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\VTTimer.exe
D:\Program Files\TRIXX\TRIXX.exe
D:\WINDOWS\system32\tbctray.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\QuickTime\qttask.exe
D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
D:\Program Files\Common Files\ActivCard\acautoreg.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\defender25.exe
E:\Program Files\BearShare\BearShare.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
E:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
D:\Program Files\Messenger\MSMSGS.EXE
D:\Program Files\Electronic Arts\EA Downloader\Core.exe
D:\Program Files\EarthLink TotalAccess\TaskPanl.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\DivX_311alpha\L3codeca.exe
D:\Program Files\TClock\TClock.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\msconfig.exe
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe
D:\Program Files\WarpSpeeder\BSTrayicon.exe
D:\Program Files\WarpSpeeder\WarpSpdr.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\system32\wuauclt.exe
C:\HiJack This\HijackThis.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\DOCUME~1\Anthony\LOCALS~1\Temp\AutoIt\AutoIt3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - D:\WINDOWS\system32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - E:\Program Files\EarthLink\Toolbar\Toolbar.dll
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - D:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [{EE-EA-A2-23-ZN}] d:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TRIXX] "D:\Program Files\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickPassword] D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Hhl7RfpJ] "D:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ftexc] D:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [TraySantaCruz] D:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [TClock.exe] D:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.ex" -silent
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [iwii] D:\Program Files\Common Files\iwii\iwiim.exe
O4 - HKCU\..\Run: [EA Core] D:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "D:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Zeno.lnk.disabled
O4 - Startup: Z_Start.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: msconfig.exe
O4 - Global Startup: taskmgr.exe
O4 - Global Startup: WarpSpeeder Tray Icon.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MyToolBar Search - res://D:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: EarthLink Google Search - res://E:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143515254109
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: App Management - D:\WINDOWS\system32\i6420ghoe64c0.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - D:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - D:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - D:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe

#2 Guest_Cretemonster_*

Posted 08 June 2006 - 04:46 AM

Hi antmaggio and Welcome to the Bleeping Computer!


1. Please download Ewido Anti-Malware
  • Install ewido anti-malware
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed (the status bar at the bottom will display "Update successful").
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field, click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the Ewido text report that you saved and a new HijackThis log.

#3 antmaggio (Topic Starter)

Posted 08 June 2006 - 11:33 PM

Cretemonster,

I switched my Anti-Spyware to Panda Titanium and removed the things it found. I then followed your plan and have the following 2 reports:

Ewido Report
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:03:56 AM, 6/9/2006
+ Report-Checksum: C2C21918

+ Scan result:

HKU\S-1-5-21-515967899-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
C:\Downloads\Downloads\ANYDVD\Slysoft AnyDVD v5.9.6.0 + crack.rar/AnyDvd.5.9.6.0 crack\AnyDVD_keygen.exe -> Dropper.WinAD.i : Cleaned with backup
C:\Downloads\Downloads\DVDFab 2979\DVDFab Platinum 2.9.7.9.rar/DVDFab Platinum 2.9.7.7\keygen.exe -> Adware.WinAD : Cleaned with backup
C:\Downloads\Downloads\DVDFab 2979\DVDFab Platinum 2.9.7.9.rar/DVDFab Platinum 2.9.7.7\keygen.zip/keygen.exe -> Adware.WinAD : Cleaned with backup
C:\Downloads\Downloads\DVDFabPlatinum ver 2.9.7.9\DVDFab Platinum 2.9.7.9\DVDFab Platinum 2.9.7.7\keygen.zip/keygen.exe -> Adware.WinAD : Cleaned with backup
C:\Downloads\Downloads\DVDFabPlatinum ver 2.9.7.9\DVDFab Platinum 2.9.7.9.rar/DVDFab Platinum 2.9.7.7\keygen.exe -> Adware.WinAD : Cleaned with backup
C:\Downloads\Downloads\DVDFabPlatinum ver 2.9.7.9\DVDFab Platinum 2.9.7.9.rar/DVDFab Platinum 2.9.7.7\keygen.zip/keygen.exe -> Adware.WinAD : Cleaned with backup
C:\Downloads\Downloads\FairUse DVD Encoder LE\FU-Setup_LE.exe -> Trojan.Ransom.a : Cleaned with backup
C:\Downloads\Downloads\FairUse Wizard 2.4\FairUse Wizard 2 v2.4 Full Edition.exe -> Trojan.Ransom.a : Cleaned with backup
C:\Downloads\Downloads\Quicktime Pro 7.02\QuickTime Pro v.7.0.2a38\QuickTime.Pro.v.7.0.2a38.Crack.rar/QuickTimeWebHelper.qtx -> Trojan.Pakes : Cleaned with backup
C:\Downloads\Downloads\X-Plane 8.4\FILE.VBS -> Worm.Gedza : Cleaned with backup
C:\My Downloads\X-Plane 8.15c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\My Downloads\X-Plane 8.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\My Downloads\X-Plane 8.4.zip/FILE.VBS -> Worm.Gedza : Cleaned with backup
D:\RECYCLER\S-1-5-21-515967899-413027322-839522115-1003\Dd4.virus/nr1rnqm8.exe -> Adware.Suggestor : Cleaned with backup
D:\RECYCLER\S-1-5-21-515967899-413027322-839522115-1003\Dd4.virus/mptft.exe -> Adware.SearchAssistant : Cleaned with backup
E:\Program Files\BitLord\Downloads\DVDFab Platinum 2.9.7.9.rar/DVDFab Platinum 2.9.7.7\keygen.exe -> Adware.WinAD : Cleaned with backup
E:\Program Files\BitLord\Downloads\DVDFab Platinum 2.9.7.9.rar/DVDFab Platinum 2.9.7.7\keygen.zip/keygen.exe -> Adware.WinAD : Cleaned with backup
E:\Program Files\FairUse Wizard 2\FairUseWizardUpdate.exe -> Trojan.Ransom.a : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\03_02_200522_33_01.zip/0.scl -> TrackingCookie.Atdmt : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\03_02_200522_33_01.zip/1.scl -> TrackingCookie.2o7 : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\03_02_200522_33_01.zip/2.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\03_06_200503_29_37.zip/1.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\03_21_200502_06_58.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\03_28_200515_25_37.zip/1.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\04_06_200500_08_27.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\05_07_200521_58_48.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\05_21_200507_02_05.zip/1.scl -> TrackingCookie.Statcounter : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\05_30_200523_48_52.zip/0.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\05_30_200523_48_52.zip/3.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\06_11_200519_29_10.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\06_11_200519_29_10.zip/1.scl -> TrackingCookie.Statcounter : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\06_11_200519_29_10.zip/5.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\06_11_200519_29_10.zip/6.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Gold\Backup\07_01_200518_39_08.zip/5.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\02_11_200601_54_29.zip/5.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\07_20_200501_10_47.zip/0.scl -> TrackingCookie.Atdmt : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\07_20_200501_10_47.zip/1.scl -> TrackingCookie.Centrport : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\07_20_200501_10_47.zip/2.scl -> TrackingCookie.Doubleclick : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\07_20_200501_10_47.zip/3.scl -> TrackingCookie.Questionmarket : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\07_20_200501_10_47.zip/4.scl -> TrackingCookie.2o7 : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\07_20_200501_10_47.zip/5.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\07_20_200501_10_47.zip/6.scl -> TrackingCookie.Pointroll : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\07_24_200501_23_38.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\08_22_200509_23_00.zip/2.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\08_26_200508_38_23.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/0.scl -> TrackingCookie.Advertising : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/1.scl -> TrackingCookie.Advertising : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/11.scl -> TrackingCookie.Adrevolver : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/12.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/14.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/15.scl -> TrackingCookie.Komtrack : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/16.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/17.scl -> TrackingCookie.Bluestreak : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/18.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/2.scl -> TrackingCookie.Atdmt : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/20.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/22.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/25.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/26.scl -> TrackingCookie.2o7 : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/27.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/29.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/3.scl -> TrackingCookie.Doubleclick : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/30.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/31.scl -> TrackingCookie.Specificclick : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/33.scl -> TrackingCookie.Esomniture : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/37.scl -> TrackingCookie.Tradedoubler : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/39.scl -> TrackingCookie.Valueclick : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/4.scl -> TrackingCookie.Fastclick : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_05_200512_40_42.zip/5.scl -> TrackingCookie.Mediaplex : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_06_200516_33_55.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_12_200504_31_19.zip/0.scl -> TrackingCookie.Statcounter : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_19_200517_57_37.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_22_200508_47_08.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\09_29_200509_23_24.zip/0.scl -> TrackingCookie.Statcounter : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_05_200510_31_25.zip/1.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/0.scl -> TrackingCookie.Advertising : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/1.scl -> TrackingCookie.Advertising : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/11.scl -> TrackingCookie.Adorigin : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/13.scl -> TrackingCookie.Questionmarket : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/15.scl -> TrackingCookie.Hypertracker : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/18.scl -> TrackingCookie.Euniverseads : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/2.scl -> TrackingCookie.Atdmt : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/21.scl -> TrackingCookie.Overture : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/22.scl -> TrackingCookie.Serving-sys : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/23.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/26.scl -> TrackingCookie.Adrevolver : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/3.scl -> TrackingCookie.Centrport : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/30.scl -> TrackingCookie.Pointroll : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/32.scl -> TrackingCookie.Tracking101 : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/33.scl -> TrackingCookie.Specificclick : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/35.scl -> TrackingCookie.2o7 : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/36.scl -> TrackingCookie.Targetnet : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/37.scl -> TrackingCookie.Valueclick : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/4.scl -> TrackingCookie.Doubleclick : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/5.scl -> TrackingCookie.Fastclick : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/6.scl -> TrackingCookie.Mediaplex : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_10_200509_13_52.zip/7.scl -> TrackingCookie.Bluestreak : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_25_200522_13_02.zip/2.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_25_200522_13_02.zip/3.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_25_200522_13_02.zip/9.scl -> TrackingCookie.2o7 : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\10_29_200503_34_10.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\11_13_200508_21_42.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\11_30_200506_58_11.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\11_30_200506_58_11.zip/3.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\12_12_200507_01_55.zip/1.scl -> TrackingCookie.Liveperson : Cleaned with backup
E:\Program Files\Spy Cleaner Platinum\Backup\12_23_200500_40_34.zip/0.scl -> TrackingCookie.Liveperson : Cleaned with backup


::Report End


HijackThis Report
Logfile of HijackThis v1.99.1
Scan saved at 12:20:05 AM, on 6/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
D:\WINDOWS\System32\svchost.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\ActivCard\acautoreg.exe
D:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
D:\Program Files\Prevx1\PXAgent.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\VTTimer.exe
D:\Program Files\TRIXX\TRIXX.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
D:\WINDOWS\system32\WgaTray.exe
E:\Program Files\BearShare\BearShare.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
D:\Program Files\Prevx1\PXConsole.exe
D:\WINDOWS\system32\tbctray.exe
E:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Messenger\MSMSGS.EXE
D:\Program Files\TClock\TClock.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Electronic Arts\EA Downloader\Core.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\EarthLink TotalAccess\TaskPanl.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\WarpSpeeder\BSTrayicon.exe
D:\WINDOWS\System32\HPZipm12.exe
C:\HiJack This\HijackThis.exe
D:\Program Files\HP\hpcoretech\comp\hpdarc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - D:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - D:\WINDOWS\system32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - E:\Program Files\EarthLink\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [{EE-EA-A2-23-ZN}] d:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TRIXX] "D:\Program Files\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickPassword] D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ftexc] D:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [APVXDWIN] "E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [PrevxOne] D:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [TraySantaCruz] D:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [TClock.exe] D:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.ex" -silent
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [iwii] D:\Program Files\Common Files\iwii\iwiim.exe
O4 - HKCU\..\Run: [EA Core] D:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "D:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Zeno.lnk.disabled
O4 - Startup: Z_Start.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WarpSpeeder Tray Icon.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MyToolBar Search - res://D:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: EarthLink Google Search - res://E:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://forums.tomcoyote.org
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143515254109
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: avldr - D:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - D:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - D:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - D:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - D:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 09 June 2006 - 04:07 AM

Go to Add\Remove Programs and Remove

Spy Cleaner Gold

Zeno <-- There may be 2 entries for Zeno


Download WinPFind to your C Drive.
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet


Open HijackThis -> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - D:\WINDOWS\system32\x3cqp0.dll (file missing)

O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

O4 - HKLM\..\Run: [{EE-EA-A2-23-ZN}] d:\windows\system32\dwdsregt.exe GID003

O4 - HKLM\..\Run: [ftexc] D:\WINDOWS\system32\mptft.exe

O4 - HKCU\..\Run: [iwii] D:\Program Files\Common Files\iwii\iwiim.exe

O4 - Startup: Zeno.lnk.disabled

O4 - Startup: Z_Start.lnk.disabled

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Reboot into SAFE MODE (Tap F8 when restarting)


Search for and Delete if found

D:\WINDOWS\system32\mptft.exe <-- File

d:\windows\system32\dwdsregt.exe <-- File

D:\Program Files\Common Files\iwii <-- Folder

E:\Program Files\Spy Cleaner Gold <-- Folder


From the WinPFind folder -> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete" -> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Restart the Machine and Please run the F-Secure Online Scanner
  • Follow the directions in the F-Secure page for proper Installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, Click Custom Scan and be sure the following are checked.
    • Scan whole System
    • Scan all files
    • Scan whole system for rootkits
    • Scan whole system for spyware
    • Scan inside archives
    • Use advanced heuristics
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • For each item found, Select Disinfect and Click Next
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Post back with a fresh HijackThis log and the reports from WinPFind and F-Secure
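As an added example (not code from this thread, from HijackThis or from the poster above): a small Python triage script that parses the O2/O4/O20/O23 entry formats in the log above and attaches review flags for the patterns the reply singles out (references to files that are gone, oddly named Run values pointing into system32, disabled Startup shortcuts left behind), so a fresh log can be checked the same way before anything is fixed. The sample lines are copied from the posted log; the flag names and heuristics are this example's own.

```python
"""Triage helper for HijackThis v1.99.1 log entries.

Added example, not part of this thread or of HijackThis.  It parses the
O2/O4/O20/O23 line formats seen in the posted log and attaches review
flags (names are this example's own) for the patterns a helper looks at."""
import re
from dataclasses import dataclass, field

# Constructed sample: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - D:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - D:\WINDOWS\system32\x3cqp0.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [{EE-EA-A2-23-ZN}] d:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ftexc] D:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [QuickPassword] D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Zeno.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: avldr - D:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - D:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
"""

# A real CLSID is 8-4-4-4-12 hex digits; a Run value name that only looks like one is suspect.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]*\}) - (?P<path>.*)$"),
    "O4run": re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$"),
    "O4startup": re.compile(r"^O4 - (?:Global )?Startup: (?P<name>[^=]+?)(?: = (?P<path>.*))?$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}


@dataclass
class Entry:
    section: str   # which PATTERNS key matched
    name: str      # BHO name, Run value name, shortcut, notify key or service name
    path: str      # file or command line the entry points at ("" if none)
    raw: str
    flags: list = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Return just the executable from a Run command line, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def review_flags(e: Entry) -> list:
    """Heuristics mirroring what the reply above picked out; these mark items for review, not verdicts."""
    flags = []
    low = e.path.lower()
    if low.endswith("(file missing)") or low == "(no file)":
        flags.append("stale-reference")  # registry still points at a file that is gone
    if e.section == "O4run":
        if e.name.startswith("{") and not GUID_RE.fullmatch(e.name):
            flags.append("fake-guid-name")  # brace-wrapped value name that is not a real CLSID
        if "\\system32\\" in exe_path(e.path).lower():
            flags.append("runs-from-system32")  # vendor autostarts normally sit under Program Files
    if e.section == "O4startup" and e.name.lower().endswith(".lnk.disabled"):
        flags.append("disabled-shortcut-leftover")  # shortcut was disabled but never removed
    if e.section == "O20":
        flags.append("winlogon-notify")  # DLL loads into winlogon.exe at every logon; confirm its publisher
    return flags


def parse_line(line: str):
    """Parse one HijackThis line; returns an Entry, or None for sections not handled here."""
    line = line.strip()
    for section, rx in PATTERNS.items():
        m = rx.match(line)
        if m:
            d = m.groupdict()
            e = Entry(section, d["name"], (d.get("path") or "").strip(), line)
            e.flags = review_flags(e)
            return e
    return None


def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.strip().splitlines()) if e is not None]


def flagged(text: str) -> dict:
    """Map each flagged entry's raw line to its flags, for side-by-side review of a fresh log."""
    return {e.raw: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for raw, flags in flagged(SAMPLE_LOG).items():
        print(", ".join(flags).ljust(36), raw)
```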

#5 antmaggio

antmaggio
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:32 PM

Posted 10 June 2006 - 03:14 PM

Cretemonster,

Here are my latest reports (F-Secure, WinPFind, HijackThis):

F-Secure

Scanning Report
Saturday, June 10, 2006 11:11:28 - 16:02:05
Computer name: HOMER
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\


--------------------------------------------------------------------------------

Result: 2 malware found
Adware.Maxifiles (spyware)
System (Disinfected)
Trojan-Dropper.Win32.Mudrop.bq (virus)
C:\526_620.exe (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 385845
System: 4722
Not scanned: 170
Actions:
Disinfected: 1
Renamed: 1
Deleted: 0
None: 0
Submitted: 1
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-06-09
F-Secure Libra: 2.4.1, 2006-06-09
F-Secure Orion: 1.2.37, 2006-06-09
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-00-19
F-Secure Draco: 1.0.35, 2006-06-08
Scanning options:
Scan all files
Scan inside archives
Use Advanced heuristics

--------------------------------------------------------------------------------

End of report


WinPFind Report

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 12/21/1999 8:58:02 AM 21312 D:\WINDOWS\choice.exe
Umonitor 6/8/2006 6:26:04 AM 119594 D:\WINDOWS\pxinstall_log.txt

Checking %System% folder...
UPX! 10/7/2005 1:14:52 PM 308224 D:\WINDOWS\SYSTEM32\avisynth.dll
aspack 3/18/2005 5:19:58 PM 2337488 D:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 3/31/2003 8:00:00 AM 41397 D:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 4/19/2006 4:09:20 PM 619156 D:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 4/19/2006 4:09:20 PM 619156 D:\WINDOWS\SYSTEM32\DivX.dll
PTech 5/23/2006 5:26:00 PM 579888 D:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 5/4/2006 12:26:22 AM 5818784 D:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/4/2006 12:26:22 AM 5818784 D:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 D:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 D:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 3/31/2003 8:00:00 AM 1309184 D:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 5/23/2006 5:25:52 PM 285488 D:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 D:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in D:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/10/2006 10:33:10 AM S 2048 D:\WINDOWS\bootstat.dat
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\WindowsShell.Manifest
6/7/2006 3:13:44 AM S 64 D:\WINDOWS\CSC\00000001
6/7/2006 2:05:48 AM S 64 D:\WINDOWS\CSC\00000002
4/23/2006 4:24:40 PM H 65 D:\WINDOWS\Downloaded Program Files\desktop.ini
4/23/2006 4:25:18 PM HS 67 D:\WINDOWS\Fonts\desktop.ini
4/23/2006 4:24:40 PM H 65 D:\WINDOWS\Offline Web Pages\desktop.ini
4/23/2006 4:24:58 PM RHS 727 D:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_1.cab
4/23/2006 4:24:58 PM RHS 19854 D:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_2.cab
4/23/2006 4:24:58 PM RHS 243124 D:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_3.cab
4/23/2006 4:25:44 PM H 229376 D:\WINDOWS\repair\ntuser.dat
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\system32\cdplayer.exe.manifest
4/23/2006 4:24:40 PM RH 488 D:\WINDOWS\system32\logonui.exe.manifest
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\system32\ncpa.cpl.manifest
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\system32\nwc.cpl.manifest
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\system32\sapi.cpl.manifest
4/23/2006 4:24:40 PM RH 488 D:\WINDOWS\system32\WindowsLogon.manifest
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\system32\wuaucpl.cpl.manifest
5/15/2006 2:42:06 AM S 60249 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem28.CAT
5/17/2006 11:24:42 AM S 7160 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WGA.cat
5/23/2006 5:27:00 PM S 7160 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
6/10/2006 10:33:00 AM H 8192 D:\WINDOWS\system32\config\default.LOG
6/10/2006 10:33:28 AM H 1024 D:\WINDOWS\system32\config\SAM.LOG
6/10/2006 10:33:12 AM H 16384 D:\WINDOWS\system32\config\SECURITY.LOG
6/10/2006 10:49:06 AM H 94208 D:\WINDOWS\system32\config\software.LOG
6/10/2006 10:33:16 AM H 1216512 D:\WINDOWS\system32\config\system.LOG
4/23/2006 10:05:22 AM H 1024 D:\WINDOWS\system32\config\TempKey.LOG
4/23/2006 10:05:24 AM H 1024 D:\WINDOWS\system32\config\userdiff.LOG
5/12/2006 12:38:30 AM H 1024 D:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
4/23/2006 10:06:54 AM HS 62 D:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
4/23/2006 10:06:54 AM HS 62 D:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
4/23/2006 4:25:00 PM HS 113 D:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
4/23/2006 4:25:00 PM HS 113 D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1OGHCY02\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\59UYLYVB\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BAMKM6UO\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Y14G8NYZ\desktop.ini
4/23/2006 4:24:42 PM HS 181 D:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
4/23/2006 10:06:54 AM HS 62 D:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
4/23/2006 4:25:42 PM HS 206 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
4/23/2006 4:25:42 PM HS 482 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
4/23/2006 4:25:42 PM HS 348 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
4/23/2006 4:25:42 PM HS 84 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
4/23/2006 4:25:42 PM HS 84 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
4/23/2006 4:51:12 PM HS 388 D:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\83671b4f-6a32-4f62-b188-1cea59955d10
6/10/2006 10:32:02 AM H 6 D:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 D:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 D:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 D:\WINDOWS\SYSTEM32\bthprops.cpl
OMNIKEY AG 11/15/2004 7:02:12 PM 258048 D:\WINDOWS\SYSTEM32\cmdiag.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 D:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 D:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 D:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 D:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 D:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 D:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 D:\WINDOWS\SYSTEM32\joy.cpl
Line 6 6/26/2003 12:41:40 PM 65536 D:\WINDOWS\SYSTEM32\l6gpcpl.cpl
Line 6 10/5/2004 9:58:10 PM 65536 D:\WINDOWS\SYSTEM32\l6pxtcpl.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 187904 D:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 D:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 35840 D:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 D:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 D:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 36864 D:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 D:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 D:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 D:\WINDOWS\SYSTEM32\sysdm.cpl
Voyetra Turtle Beach, Inc. 4/17/2002 1:51:08 PM 155648 D:\WINDOWS\SYSTEM32\tbccpnl.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 28160 D:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 D:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 D:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 D:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 187904 D:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 35840 D:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 36864 D:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 28160 D:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
C-Media Corporation 4/23/2004 2:30:54 AM R 2494464 D:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\cmicnfg.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
3/29/2006 11:47:02 PM 1757 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
4/23/2006 4:25:42 PM HS 84 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
3/25/2006 4:34:12 PM 1808 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
4/2/2006 3:01:44 AM 1594 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
3/31/2006 1:40:52 AM 1423 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WarpSpeeder Tray Icon.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
4/23/2006 10:06:54 AM HS 62 D:\Documents and Settings\All Users\Application Data\desktop.ini
3/25/2006 4:48:42 PM 1116 D:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
5/16/2006 7:15:52 AM 988 D:\Documents and Settings\Anthony\Start Menu\Programs\Startup\Adobe Gamma.lnk
4/23/2006 4:25:42 PM HS 84 D:\Documents and Settings\Anthony\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
6/6/2006 11:58:26 PM HS 125 D:\Documents and Settings\Anthony\Application Data\.zreglib
3/29/2006 11:45:54 PM 1563 D:\Documents and Settings\Anthony\Application Data\AdobeDLM.log
5/3/2006 8:49:56 PM 331 D:\Documents and Settings\Anthony\Application Data\AutoGK.ini
4/23/2006 10:06:54 AM HS 62 D:\Documents and Settings\Anthony\Application Data\desktop.ini
3/29/2006 11:45:54 PM 0 D:\Documents and Settings\Anthony\Application Data\dm.ini
6/3/2006 10:11:20 PM 91 D:\Documents and Settings\Anthony\Application Data\FixVTS.ini
5/22/2006 8:20:28 AM 33559 D:\Documents and Settings\Anthony\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{4A0E4A32-D446-45E7-991F-38586B26EA2F} = D:\WINDOWS\system32\mtc70u.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Panda Antivirus
{65756541-C65C-11CD-0000-4B656E696100} = E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = E:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= E:\Program Files\Nero\Nero 7\Nero SmartStart\Nero 7\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Panda Antivirus
{65756541-C65C-11CD-0000-4B656E696100} = E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= E:\Program Files\Nero\Nero 7\Nero SmartStart\Nero 7\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = E:\Program Files\WinAce\arcext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}
URLDetector Class = D:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{C7768536-96F8-4001-B1A2-90EE21279187} = EarthLink Toolbar : E:\Program Files\EarthLink\Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : D:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{C7768536-96F8-4001-B1A2-90EE21279187} = EarthLink Toolbar : E:\Program Files\EarthLink\Toolbar\Toolbar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
APVXDWIN "E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
PrevxOne D:\Program Files\Prevx1\PXConsole.exe
VTTimer VTTimer.exe
TRIXX "D:\Program Files\TRIXX\TRIXX.exe" -s
RemoteControl "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
QuickPassword D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
NeroFilterCheck D:\WINDOWS\system32\NeroCheck.exe
HP Software Update D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HP Component Manager "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
GhostStartTrayApp C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
BearShare "E:\Program Files\BearShare\BearShare.exe" /pause
ATICCC "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
AnyDVD E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
TraySantaCruz D:\WINDOWS\system32\tbctray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Steam "c:\progra~1\valve\steam\steam.ex" -silent
Skype "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSMSGS "D:\Program Files\Messenger\MSMSGS.EXE" /background
EA Core D:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
E6TaskPanel "D:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
WinUpdate.exe D:\Program Files\Windows\WinUpdate.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = D:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr
= avldr.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/10/2006 10:55:34 AM

End of Report


HijackThis Report

Logfile of HijackThis v1.99.1
Scan saved at 4:10:02 PM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\Program Files\Common Files\ActivCard\acautoreg.exe
D:\Program Files\Common Files\ActivCard\accoca.exe
D:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
D:\Program Files\Prevx1\PXAgent.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
D:\Program Files\Prevx1\PXConsole.exe
D:\WINDOWS\system32\VTTimer.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
E:\Program Files\BearShare\BearShare.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\tbctray.exe
E:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Messenger\MSMSGS.EXE
D:\Program Files\Electronic Arts\EA Downloader\Core.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\EarthLink TotalAccess\TaskPanl.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\WarpSpeeder\BSTrayicon.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\DOCUME~1\Anthony\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
D:\DOCUME~1\Anthony\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
E:\PROGRA~1\MICROS~1\Office\OUTLOOK.EXE
D:\WINDOWS\msagent\AgentSvr.exe
E:\Program Files\Microsoft Office\Office\WINWORD.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJack This\HijackThis.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe
E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - D:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - E:\Program Files\EarthLink\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [APVXDWIN] "E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [PrevxOne] D:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TRIXX] "D:\Program Files\TRIXX\TRIXX.exe" -s
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickPassword] D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [TraySantaCruz] D:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.ex" -silent
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [EA Core] D:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "D:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WarpSpeeder Tray Icon.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MyToolBar Search - res://D:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: EarthLink Google Search - res://E:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://forums.tomcoyote.org
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143515254109
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: avldr - D:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - D:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - D:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - D:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - D:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

End of Report

#6 Guest_Cretemonster_*

Posted 10 June 2006 - 03:46 PM

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe).
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

#7 antmaggio
  • Topic Starter

Posted 10 June 2006 - 10:05 PM

Cretemonster,

I ran Look2Me_Destroyer.exe and after it said Done Scanning I received a message as follows:

CopyFile
Error:75.
Path/File access error

I clicked OK and received the message: Done removing infected files!
I clicked OK on the message that it would now shut down my computer, but it didn't shut down. The hour glass continued to run for a couple of minutes. I then manually shut down the computer.
I then re-ran Look2Me-Destroyer.exe again. I received the same error message. This time it did shut down my computer.
Here are the 1st and 2nd log files:


1st log file


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 6/10/2006 10:16:07 PM


Attempting to delete infected files...

Making registry repairs.


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4A0E4A32-D446-45E7-991F-38586B26EA2F}"
HKCR\Clsid\{4A0E4A32-D446-45E7-991F-38586B26EA2F}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


2nd Log File


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 6/10/2006 10:42:08 PM


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

#8 Guest_Cretemonster_*

Posted 11 June 2006 - 06:20 AM

You did fine, it did exactly what I wanted it to! :thumbsup:


Go back to Safe Mode and Scan again with WinPFind.


Restart Normal and have the PC scanned here
http://www.bitdefender.com/scan/licence.php


Post back with the results from Bit Defender and WinPFind.

#9 antmaggio
  • Topic Starter

Posted 11 June 2006 - 07:01 PM

Here are the latest reports from WinPFind and BitDefender



BitDefender

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Jun 11, 2006 - 17:30:12

--------------------------------------------------------------------------------

Scan Info

Scanned Files    925000
Infected Files   27

Virus Detected

Win32.Vb.AN@mm                             2
Trojan.Agent.OR                            2
Trojan.Runner.C                            1
Application.Adware.NewDotNet.B.Dropper     1
MemScan:Adware.Winad.I                     2
Trojan.Downloader.Agent.KK                 1
Adware.Winad.I                             3
Backdoor.RBot.EOG                          9
Dropped:Trojan.Clicker.VB.BX               1
JS.Trojan.Downloader.IstBar.A              1
BehavesLike:Trojan.Downloader              1
Worm.Gedza.B                               1
Trojan.Downloader.Adload.BK                2

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.

End of Report




WinPFind

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Items found in D:\hosts


Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 12/21/1999 8:58:02 AM 21312 D:\WINDOWS\choice.exe
Umonitor 6/8/2006 6:26:04 AM 119594 D:\WINDOWS\pxinstall_log.txt

Checking %System% folder...
UPX! 10/7/2005 1:14:52 PM 308224 D:\WINDOWS\SYSTEM32\avisynth.dll
aspack 3/18/2005 5:19:58 PM 2337488 D:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 3/31/2003 8:00:00 AM 41397 D:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 4/19/2006 4:09:20 PM 619156 D:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 4/19/2006 4:09:20 PM 619156 D:\WINDOWS\SYSTEM32\DivX.dll
PTech 5/23/2006 5:26:00 PM 579888 D:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 5/4/2006 12:26:22 AM 5818784 D:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/4/2006 12:26:22 AM 5818784 D:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 D:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 D:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 3/31/2003 8:00:00 AM 1309184 D:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 5/23/2006 5:25:52 PM 285488 D:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 D:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in D:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/11/2006 11:22:28 AM S 2048 D:\WINDOWS\bootstat.dat
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\WindowsShell.Manifest
6/7/2006 3:13:44 AM S 64 D:\WINDOWS\CSC\00000001
6/7/2006 2:05:48 AM S 64 D:\WINDOWS\CSC\00000002
4/23/2006 4:24:40 PM H 65 D:\WINDOWS\Downloaded Program Files\desktop.ini
4/23/2006 4:25:18 PM HS 67 D:\WINDOWS\Fonts\desktop.ini
4/23/2006 4:24:40 PM H 65 D:\WINDOWS\Offline Web Pages\desktop.ini
4/23/2006 4:24:58 PM RHS 727 D:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_1.cab
4/23/2006 4:24:58 PM RHS 19854 D:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_2.cab
4/23/2006 4:24:58 PM RHS 243124 D:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_3.cab
4/23/2006 4:25:44 PM H 229376 D:\WINDOWS\repair\ntuser.dat
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\system32\cdplayer.exe.manifest
4/23/2006 4:24:40 PM RH 488 D:\WINDOWS\system32\logonui.exe.manifest
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\system32\ncpa.cpl.manifest
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\system32\nwc.cpl.manifest
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\system32\sapi.cpl.manifest
4/23/2006 4:24:40 PM RH 488 D:\WINDOWS\system32\WindowsLogon.manifest
4/23/2006 4:24:34 PM RH 749 D:\WINDOWS\system32\wuaucpl.cpl.manifest
5/15/2006 2:42:06 AM S 60249 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem28.CAT
5/17/2006 11:24:42 AM S 7160 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WGA.cat
5/23/2006 5:27:00 PM S 7160 D:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
6/11/2006 11:22:18 AM H 8192 D:\WINDOWS\system32\config\default.LOG
6/11/2006 11:22:48 AM H 1024 D:\WINDOWS\system32\config\SAM.LOG
6/11/2006 11:22:30 AM H 16384 D:\WINDOWS\system32\config\SECURITY.LOG
6/11/2006 11:22:50 AM H 90112 D:\WINDOWS\system32\config\software.LOG
6/11/2006 11:22:34 AM H 1208320 D:\WINDOWS\system32\config\system.LOG
4/23/2006 10:05:22 AM H 1024 D:\WINDOWS\system32\config\TempKey.LOG
4/23/2006 10:05:24 AM H 1024 D:\WINDOWS\system32\config\userdiff.LOG
5/12/2006 12:38:30 AM H 1024 D:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
4/23/2006 10:06:54 AM HS 62 D:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
4/23/2006 10:06:54 AM HS 62 D:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
4/23/2006 4:25:00 PM HS 113 D:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
4/23/2006 4:25:00 PM HS 113 D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1OGHCY02\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\59UYLYVB\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BAMKM6UO\desktop.ini
4/23/2006 4:25:00 PM HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Y14G8NYZ\desktop.ini
4/23/2006 4:24:42 PM HS 181 D:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
4/23/2006 10:06:54 AM HS 62 D:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
4/23/2006 4:25:42 PM HS 206 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
4/23/2006 4:25:42 PM HS 482 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
4/23/2006 4:25:42 PM HS 348 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
4/23/2006 4:25:42 PM HS 84 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
4/23/2006 4:25:42 PM HS 84 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
4/23/2006 4:51:12 PM HS 388 D:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\83671b4f-6a32-4f62-b188-1cea59955d10
6/11/2006 11:21:20 AM H 6 D:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 D:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 D:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 D:\WINDOWS\SYSTEM32\bthprops.cpl
OMNIKEY AG 11/15/2004 7:02:12 PM 258048 D:\WINDOWS\SYSTEM32\cmdiag.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 D:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 D:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 D:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 D:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 D:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 D:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 D:\WINDOWS\SYSTEM32\joy.cpl
Line 6 6/26/2003 12:41:40 PM 65536 D:\WINDOWS\SYSTEM32\l6gpcpl.cpl
Line 6 10/5/2004 9:58:10 PM 65536 D:\WINDOWS\SYSTEM32\l6pxtcpl.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 187904 D:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 D:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 35840 D:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 D:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 D:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 36864 D:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 D:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 D:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 D:\WINDOWS\SYSTEM32\sysdm.cpl
Voyetra Turtle Beach, Inc. 4/17/2002 1:51:08 PM 155648 D:\WINDOWS\SYSTEM32\tbccpnl.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 28160 D:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 D:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 D:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 D:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 187904 D:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 35840 D:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 36864 D:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 3/31/2003 8:00:00 AM 28160 D:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
C-Media Corporation 4/23/2004 2:30:54 AM R 2494464 D:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\cmicnfg.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
3/29/2006 11:47:02 PM 1757 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
4/23/2006 4:25:42 PM HS 84 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
3/25/2006 4:34:12 PM 1808 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
4/2/2006 3:01:44 AM 1594 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
3/31/2006 1:40:52 AM 1423 D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WarpSpeeder Tray Icon.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
4/23/2006 10:06:54 AM HS 62 D:\Documents and Settings\All Users\Application Data\desktop.ini
3/25/2006 4:48:42 PM 1116 D:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
5/16/2006 7:15:52 AM 988 D:\Documents and Settings\Anthony\Start Menu\Programs\Startup\Adobe Gamma.lnk
4/23/2006 4:25:42 PM HS 84 D:\Documents and Settings\Anthony\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
6/6/2006 11:58:26 PM HS 125 D:\Documents and Settings\Anthony\Application Data\.zreglib
3/29/2006 11:45:54 PM 1563 D:\Documents and Settings\Anthony\Application Data\AdobeDLM.log
5/3/2006 8:49:56 PM 331 D:\Documents and Settings\Anthony\Application Data\AutoGK.ini
4/23/2006 10:06:54 AM HS 62 D:\Documents and Settings\Anthony\Application Data\desktop.ini
3/29/2006 11:45:54 PM 0 D:\Documents and Settings\Anthony\Application Data\dm.ini
6/3/2006 10:11:20 PM 91 D:\Documents and Settings\Anthony\Application Data\FixVTS.ini
5/22/2006 8:20:28 AM 33559 D:\Documents and Settings\Anthony\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
sv1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Panda Antivirus
{65756541-C65C-11CD-0000-4B656E696100} = E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = E:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= E:\Program Files\Nero\Nero 7\Nero SmartStart\Nero 7\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Panda Antivirus
{65756541-C65C-11CD-0000-4B656E696100} = E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= E:\Program Files\Nero\Nero 7\Nero SmartStart\Nero 7\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = E:\Program Files\WinAce\arcext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}
URLDetector Class = D:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{C7768536-96F8-4001-B1A2-90EE21279187} = EarthLink Toolbar : E:\Program Files\EarthLink\Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : D:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{C7768536-96F8-4001-B1A2-90EE21279187} = EarthLink Toolbar : E:\Program Files\EarthLink\Toolbar\Toolbar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
APVXDWIN "E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
PrevxOne D:\Program Files\Prevx1\PXConsole.exe
VTTimer VTTimer.exe
TRIXX "D:\Program Files\TRIXX\TRIXX.exe" -s
RemoteControl "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
QuickPassword D:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
NeroFilterCheck D:\WINDOWS\system32\NeroCheck.exe
HP Software Update D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HP Component Manager "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
GhostStartTrayApp C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
BearShare "E:\Program Files\BearShare\BearShare.exe" /pause
ATICCC "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
AnyDVD E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
TraySantaCruz D:\WINDOWS\system32\tbctray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Steam "c:\progra~1\valve\steam\steam.ex" -silent
Skype "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSMSGS "D:\Program Files\Messenger\MSMSGS.EXE" /background
EA Core D:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
E6TaskPanel "D:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = D:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
WinUpdate.exe D:\Program Files\Windows\WinUpdate.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = D:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr
= avldr.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/11/2006 11:30:35 AM


End of Report

#10 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 11 June 2006 - 07:48 PM

I've never seen a Bit Defender log like that, it usually lists the files it found and what it did with them.

Any idea if any actions were taken when Bit Defender flagged any of the files?


Copy all the text in the quote box to a blank notepad page and Save it to the desktop with the name Clr.reg but don't run it just yet.


REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]



Restart in Safe Mode--> Search for and delete if found

D:\Program Files\Windows\WinUpdate.exe<-- File


Locate and double click Clr.reg and allow it to merge into the registry.


Restart Normal and Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
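The two steps above, spotting the odd entry under policies\Explorer\Run in the WinPFind log and then merging a Clr.reg that deletes that key, are what a small triage script can automate for a log like this one. What follows is an added example written for this page; it is not code from the thread, from WinPFind, or from any of the tools named here. It assumes a log excerpt in the layout WinPFind printed above (the sample is constructed from entries in that log), and the flag names ("policy-run-key", "unqualified-image") and the heuristics behind them are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout WinPFind uses in the log above: bracketed section headers,
# bare subkey lines, then "<value name> <command>" lines. The entries are copied from that log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
APVXDWIN "E:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
VTTimer VTTimer.exe
HP Software Update D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
WinUpdate.exe D:\Program Files\Windows\WinUpdate.exe
"""

# Keys whose values are commands executed at logon (Run, RunOnce, RunOnceEx, RunServices...).
RUN_KEY_RE = re.compile(r"\\Run(Once|OnceEx|Services|ServicesOnce)?$", re.IGNORECASE)
# The value name is everything before the first token that looks like the start of a command:
# a quoted string, a drive-rooted path, a bare *.exe, or rundll32.
ENTRY_RE = re.compile(r'^(?P<name>.+?) (?P<cmd>(?:"|[A-Za-z]:\\|\S+\.exe\b|rundll32\b).*)$', re.IGNORECASE)


@dataclass
class Entry:
    key: str      # registry key the value lives under
    name: str     # value name as printed by WinPFind
    command: str  # command line stored in the value


def parse_autostarts(text: str) -> list:
    """Collect (key, name, command) for every value under a Run-style key in the log."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # bracketed section header
            continue
        if line.upper().startswith(("HKEY_", "HKLM\\", "HKCU\\")):
            section = line                # bare subkey line
            continue
        if section and RUN_KEY_RE.search(section):
            m = ENTRY_RE.match(line)
            if m:
                entries.append(Entry(section, m["name"], m["cmd"]))
    return entries


def image_path(command: str) -> str:
    """The executable a Run value launches: quoted path, unquoted path up to .exe, or first token."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def assess(entry: Entry) -> list:
    """Flags worth a second look; names and heuristics are this example's own."""
    flags = []
    # The policies\Explorer\Run key is executed at logon like Run itself but is rarely used by
    # legitimate installers, which is why the WinUpdate.exe entry stands out in the log above.
    if re.search(r"\\policies\\Explorer\\Run$", entry.key, re.IGNORECASE):
        flags.append("policy-run-key")
    # No drive letter, UNC root or %VAR%: the file is located through the search path, so the
    # log alone does not tell you which binary will actually run.
    if not re.match(r"[A-Za-z]:\\|\\\\|%", image_path(entry.command)):
        flags.append("unqualified-image")
    return flags


def removal_reg(key: str) -> str:
    """Registry script in the form of Clr.reg above: a leading '-' inside the brackets tells
    regedit to delete the whole key, and every value under it, when the file is merged."""
    return f"REGEDIT4\n\n[-{key}]\n"


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        print(f"{e.key}\n  {e.name} -> {image_path(e.command)} {assess(e)}")
```

Run against the sample, only the WinUpdate.exe value is flagged as sitting in the policy Run key, and `removal_reg()` on that entry's key reproduces the Clr.reg text in the post. The "unqualified-image" flag is informational: VTTimer.exe and the RunDll32 entry are legitimate here, but a bare file name is resolved via the search path rather than a fixed location, so the log cannot confirm which file will actually be loaded.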


#11 antmaggio

antmaggio
  • Topic Starter

  • Members
  • 10 posts

Posted 11 June 2006 - 09:42 PM

The 1st time BitDefender didn't work. The second time it ran completely through. It found spyware things in the "jail" sub-folders of other Anti-Spyware programs. I went into those sub-folders and deleted the files within them myself and then emptied the trashcan. At the end, BitDefender said it found and removed some things, but that my computer was "still infected". Should I run BitDefender again?

If not, on to the next question. I searched the folder D:\Program Files\Windows\ and found WinUpdate.fld, not WinUpdate.exe. Should I delete WinUpdate.fld?

I haven't gone past this step yet from your last set of instructions.

#12 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 12 June 2006 - 04:07 AM

Yes, go ahead and Delete this file--> WinUpdate.fld


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#13 antmaggio

antmaggio
  • Topic Starter

  • Members
  • 10 posts

Posted 13 June 2006 - 04:32 AM

Cretemonster,

Kaspersky only gave me the option to select the following file. However, since I don't know what you can do to it after you select it, I then unselected it. I have not terminated Kaspersky yet. What should I do with Kaspersky next? :thumbsup:

D:\WINDOWS\system32\gbe90qss.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped



Here are the entire results after running Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, June 13, 2006 5:13:47 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 13/06/2006
Kaspersky Anti-Virus database records: 200087
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\

Scan Statistics:
Total number of scanned objects: 144975
Number of viruses found: 3
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 03:08:18

Infected Object Name / Virus Name / Last Action
C:\Downloads\Downloads\BearShare\BSINSTALL.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Downloads\Downloads\BearShare\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Downloads\Downloads\BearShare\BSINSTALL.exe WiseSFX: infected - 2 skipped
C:\Downloads\Downloads\BearShare\BSINSTALL.exe WiseSFX Dropper: infected - 2 skipped
C:\Downloads\Downloads\CCleaner\ccsetup126.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Downloads\Downloads\CCleaner\ccsetup126.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Downloads\Downloads\CCleaner\ccsetup126.exe NSIS: infected - 2 skipped
C:\Downloads\Downloads\CCleaner 1.27\ccsetup127.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Downloads\Downloads\CCleaner 1.27\ccsetup127.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Downloads\Downloads\CCleaner 1.27\ccsetup127.exe NSIS: infected - 2 skipped
C:\Downloads\Downloads\XoftSpy4.15\XoftSpy415_107.exe/data0013 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Downloads\Downloads\XoftSpy4.15\XoftSpy415_107.exe NSIS: infected - 1 skipped
D:\WINDOWS\system32\gbe90qss.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
E:\Program Files\XoftSpy\uninstall.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
E:\Program Files\XoftSpy\uninstall.exe NSIS: infected - 1 skipped

Scan process completed.

End of Report
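The report above mixes two line shapes: one "Infected: <verdict> skipped" line per detected object, where a "/" in the path means the object is a member inside an installer or archive, and one "<container>: infected - N" roll-up line per host file. Reading it by hand, the only detection that is a loose file on disk is gbe90qss.exe; everything else is a component bundled inside downloaded installers. The following added example, written for this page and not part of the thread or of Kaspersky's tooling, parses that format and makes the distinction explicit. The sample is constructed from eight lines of the report above plus one constructed placeholder line (D:\tmp\sample.exe with verdict Trojan.Win32.Placeholder) so that a verdict without the "not-a-virus:" prefix is present.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of the Kaspersky On-line Scanner report above: eight lines
# copied from it plus one placeholder line (D:\tmp\sample.exe) that is NOT from the report.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Downloads\Downloads\BearShare\BSINSTALL.exe/WISE0023.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Downloads\Downloads\BearShare\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Downloads\Downloads\BearShare\BSINSTALL.exe WiseSFX: infected - 2 skipped
C:\Downloads\Downloads\BearShare\BSINSTALL.exe WiseSFX Dropper: infected - 2 skipped
C:\Downloads\Downloads\CCleaner 1.27\ccsetup127.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Downloads\Downloads\CCleaner 1.27\ccsetup127.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Downloads\Downloads\CCleaner 1.27\ccsetup127.exe NSIS: infected - 2 skipped
D:\WINDOWS\system32\gbe90qss.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
D:\tmp\sample.exe Infected: Trojan.Win32.Placeholder skipped

Scan process completed.
"""

# "<object> Infected: <verdict> <action>": one line per detected object.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
# "<file> <container type>: infected - <n> <action>": roll-up line for an installer/archive.
SUMMARY_RE = re.compile(r"^(?P<path>.+?) (?P<container>[\w ]+): infected - (?P<count>\d+) (?P<action>\w+)$")


@dataclass
class Detection:
    path: str     # object path as printed; '/' separates an archive member from its host file
    verdict: str  # detection name (or the container type on roll-up lines)
    action: str   # what the scanner did; "skipped" throughout for the read-only online scan
    rollup: bool  # True for "<container>: infected - N" lines that restate member hits

    @property
    def host_file(self) -> str:
        """The file actually present on disk: everything before the first '/'."""
        return self.path.split("/", 1)[0]

    @property
    def nested(self) -> bool:
        return "/" in self.path

    @property
    def riskware(self) -> bool:
        """Kaspersky prefixes adware/riskware verdicts with 'not-a-virus:'."""
        return self.verdict.startswith("not-a-virus:")


def parse_report(text: str) -> list:
    """Parse both line shapes; header, settings and statistics lines match neither and are skipped."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DETECTION_RE.match(line)
        if m:
            found.append(Detection(m["path"], m["verdict"], m["action"], False))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            found.append(Detection(m["path"], m["container"], m["action"], True))
    return found


def per_host_file(detections) -> dict:
    """One entry per on-disk file, with the set of verdicts found in or inside it."""
    result = {}
    for d in detections:
        if not d.rollup:
            result.setdefault(d.host_file, set()).add(d.verdict)
    return result


def loose_files(detections) -> list:
    """Detected files that sit directly on disk rather than inside an installer or archive."""
    return [d.host_file for d in detections if not d.rollup and not d.nested]


def verdict_classes(detections) -> Counter:
    """Count member-level hits as riskware ('not-a-virus:') versus real malware verdicts."""
    return Counter("riskware" if d.riskware else "malware" for d in detections if not d.rollup)


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    print("loose on-disk detections:", loose_files(dets))
    print("verdicts by host file:", per_host_file(dets))
    print("classes:", dict(verdict_classes(dets)))
```

On the sample, `loose_files()` returns gbe90qss.exe (the file the next reply says to delete) and the constructed placeholder, while the BearShare and CCleaner hits collapse to one host file each with a single riskware verdict, which is the usual picture for bundled installer components that have not been executed on the system.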

#14 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 13 June 2006 - 04:02 PM

LOL, I don't know what that means either, it's been a few months since I ran the scan.

You can just do nothing with Kaspersky, close it out or whatever.

Locate and Delete this file

D:\WINDOWS\system32\gbe90qss.exe


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?

#15 antmaggio

antmaggio
  • Topic Starter

  • Members
  • 10 posts

Posted 14 June 2006 - 09:14 AM

Cretemonster,

The system seems OK. Just to make sure, can I send you a report from any of the services (HijackThis or others) to show you the current condition of my computer?


Antmaggio



