Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No Visible Problems, Just Slowdown


  • Please log in to reply
10 replies to this topic

#1 outlawmoogle

outlawmoogle

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 25 December 2006 - 02:50 PM

The online virus scanners flagged some spyware and possible hacker tools that my programs haven't detected so thought I'd get a diagnosis.

Logfile of HijackThis v1.99.1
Scan saved at 11:43:55 AM, on 12/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
D:\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Semagic\LiveJournal.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\NPZOFN17\stng260[1].exe
C:\Documents and Settings\Steven\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Programs\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] D:\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=010907 serial=pe02cbx-0000003-nmd lang=EN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Semagic.lnk = C:\Program Files\Semagic\LiveJournal.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Download All by FlashGet - D:\Programs\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Programs\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programs\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programs\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Steven\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: www.dsfanboy.com
O15 - Trusted Zone: www.engadget.com
O15 - Trusted Zone: www.fark.com
O15 - Trusted Zone: www.gamefaqs.com
O15 - Trusted Zone: www.gonintendo.com
O15 - Trusted Zone: www.ign.com
O15 - Trusted Zone: www.joystiq.com
O15 - Trusted Zone: www.livejournal.com
O15 - Trusted Zone: www.wamu.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://openacademy.mindef.gov.sg/OpenAcade...uggin/ipixx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098231998309
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143963703875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} (Toolbar Reg Sniff Activate) - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ise/install.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

BC AdBot (Login to Remove)

 


#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 PM

Posted 25 December 2006 - 03:24 PM

Hi outlawmoogle, :flowers:

We're studying your log right now and will be abck to you a.s.a.p.

Thanks for your patience. :thumbsup:

#3 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 PM

Posted 27 December 2006 - 05:08 AM

Hi outlawmoogle, :thumbsup:

1. I can see that you disabled some items in your Startup through Msconfig. We need to see them because sometimes they can be malware.

Click Start > Run > type: msconfig > OK.
Select Normal Startup - load all device drivers and services.
Click OK. And when asked to restart, click No.

2. Run HijackThis, click the Config... button, then go to the Misc Tools section and click Open Uninstall Manager. You'll see a list of programs; click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

3. You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6.0). Older versions have vulnerabilities that malware can use to infect your system. Please update and remove the older versions. Do the following:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:

    Java Runtime Environment (JRE) 6.0
4. Go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Please post the Panda report along with the uninstall_list.txt and a new HijackThis log.

#4 outlawmoogle

outlawmoogle
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 28 December 2006 - 02:06 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:04:46 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\OpenSA\Apache2\bin\Apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
D:\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Semagic\LiveJournal.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Steven\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Programs\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] D:\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=010907 serial=pe02cbx-0000003-nmd lang=EN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WebRebates] javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SS3EDIT] C:\WINDOWS\wUA3uRFWg.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] d:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [JEDI] C:\WINDOWS\bu2IYbpMW9HG.exe
O4 - HKLM\..\Run: [jbnyuxwy] C:\WINDOWS\System32\zexayvts.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [PhanTim31] "C:\Program Files\PhanTim3\PhanTim3.exe" 1
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: Konfabulator.lnk = D:\Konfabulator\Konfabulator.exe
O4 - Startup: Mobipocket Web Companion.lnk = ?
O4 - Startup: Semagic.lnk = C:\Program Files\Semagic\LiveJournal.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: check-ip-changed.bat
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Download All by FlashGet - D:\Programs\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Programs\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programs\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programs\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Steven\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: www.dsfanboy.com
O15 - Trusted Zone: www.engadget.com
O15 - Trusted Zone: www.fark.com
O15 - Trusted Zone: www.gamefaqs.com
O15 - Trusted Zone: www.gonintendo.com
O15 - Trusted Zone: www.ign.com
O15 - Trusted Zone: www.joystiq.com
O15 - Trusted Zone: www.livejournal.com
O15 - Trusted Zone: www.wamu.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://openacademy.mindef.gov.sg/OpenAcade...uggin/ipixx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098231998309
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143963703875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} (Toolbar Reg Sniff Activate) - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ise/install.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe


ABC (remove only)
AC3+DTS XForm (remove only)
ActivePerl 5.8.3 Build 809
Ad-aware 6 Personal
Adobe Acrobat 5.0
Adobe Photoshop 7.0
Adobe Reader 7.0
Adobe Reader Japanese Fonts
Advanced WMA Workshop version 2.03b
Agere Systems AC'97 Modem
AMIP (remove only)
AOL Instant Messenger
Apple Software Update
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
ATI Control Panel
ATI Display Driver
Audacity 1.2.4
AVG Free Edition
AVIcodec (remove only)
Azureus
BitTorrent 3.3
CCHelp
CCScore
CD Audio Reader Filter (remove only)
CDBurnerXP Pro 3
CDisplay 1.8
CDXA Image Reader Filter (SVCD/XCD) (remove only)
Core AAC Decoder (remove only)
CoreFLAC Audio Decoder+Source Filter (remove only)
Corel Painter Essentials 2
CoreVorbis Audio Decoder (remove only)
DAEMON Tools
dBpowerAMP Ogg Vorbis Codec
DIKO 2.23
Direct Show Ogg Vorbis Filter (remove only)
DirectVobSub (remove only)
DivX
DivX Operational Player 1.2
DVD Creation
DVDStyler v1.4
e-Watch Camera Viewer
FlashGet(JetCar)
Google Earth
Google Gmail Notifier
Google Talk (remove only)
Google Toolbar for Internet Explorer
GSpot Codec Information Appliance
Haali Media Splitter
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Deskjet 5700
HP Software Update
Icatch(V)
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Internet Explorer SearchBar
iPod mini 1.0 for Windows User Guide
iPod mini Software Updater 1.0
iTunes
Java Web Start
Java™ SE Development Kit 6
Java™ SE Runtime Environment 6
KSU
Liberty BASIC v4.03
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic ISO Maker v5.1 (build 0185)
MAME32k (remove only)
Matroska Pack
Matroska Pack - Lazy Man's MKV 0.94 (2004-11-11)
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Upgrade Offer
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Vista Upgrade Advisor
Microsoft Works 7.0
mIRC
Monkey Audio Source Filter (remove only)
Mozilla Firefox (1.5.0.8)
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
Music Visualizer Library 1.4.00
Nero Suite
NeroVision Express 3
Network Play System (Patching)
Network Smart Capture
New VB 5 files
nMP3amp (remove only)
NVIDIA Display Driver
NVIDIA Drivers
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-02-25-01
OpenMG Secure Module 3.2
OpenSA web server 2
Panda ActiveScan
PhanTim3
Picasa 2
QuickTime
RadLight MPC DirectShow Filter (remove only)
RadLight OptimFROG DirectShow Filter (remove only)
RealMedia (remove only)
RealOne Player
Red Swoosh EDN Client (remove only)
RTP for RM2K (Png, Wav, Midi, Fonts)
SanDisk TransferMate
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Semagic (remove only)
Shockwave
SHOUTcast Source (remove only)
SHOUTcast Source DSP 1.9.0 (remove only)
SimPE 0.44c (alpha)
Skype 2.0
SmartFTP Client
Sony Certificate PCH
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Srt2Sup a4.03
Tablet
Ulead GIF Animator 5 ESD
UnzipThemAll 1.3
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URL Helper
USB MassStorage CardReader
USB PC Camera (SN9C102)
VAIO Help and Support
VAIO Media 2.5
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Setup 2.5
VAIO Registration
VAIO Support
VAIO Survey Standalone
VAIO System Information
VERITAS RecordNow
VERITAS RecordNow Update Manager
VobSub v2.23 (Remove Only)
WebRebates (by TopRebates.com)
Wii Video 9 1.91
Win32 BI Application
Winamp (remove only)
Windows Blaster Worm Removal Tool (KB833330)
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Search Functions
Windows SR 2.0
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPcap 3.1
WinRAR archiver
WM Recorder 11.0
X2CD (remove only)
XviD Video Codec 24.2.2003-11:00 (uManiac's build)
Yahoo! Music Jukebox



Incident Status Location

Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\CD_CLINT.DLL
Adware:adware/ncase Not disinfected c:\windows\didduid.ini
Adware:adware/blazefind Not disinfected c:\windows\Key2.txt
Adware:adware/sidesearch Not disinfected c:\program files\Lycos
Spyware:spyware/betterinet Not disinfected Windows Registry
Adware:adware/topmoxie Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/toprebates Not disinfected Windows Registry
Spyware:spyware/bridge Not disinfected Windows Registry
Potentially unwanted tool:application/redswoosh Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75}
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mom\Cookies\mom@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mom\Cookies\mom@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mom\Cookies\mom@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mom\Cookies\mom@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mom\Cookies\mom@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Mom\Cookies\mom@ads.addynamix[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Mom\Cookies\mom@ads.gorillanation[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mom\Cookies\mom@ads.pointroll[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mom\Cookies\mom@apmebf[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mom\Cookies\mom@atwola[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Mom\Cookies\mom@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mom\Cookies\mom@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mom\Cookies\mom@bluestreak[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Mom\Cookies\mom@citi.bridgetrack[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Mom\Cookies\mom@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mom\Cookies\mom@com[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Mom\Cookies\mom@ct.360i[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mom\Cookies\mom@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mom\Cookies\mom@go[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mom\Cookies\mom@media.adrevolver[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Mom\Cookies\mom@offeroptimizer[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mom\Cookies\mom@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mom\Cookies\mom@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mom\Cookies\mom@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mom\Cookies\mom@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mom\Cookies\mom@revenue[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Mom\Cookies\mom@rightmedia[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Mom\Cookies\mom@searchportal.information[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mom\Cookies\mom@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mom\Cookies\mom@statcounter[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Mom\Cookies\mom@target[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mom\Cookies\mom@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mom\Cookies\mom@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Mom\Cookies\mom@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Mom\Cookies\mom@www.myaffiliateprogram[1].txt
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Mom\Cookies\mom@www.web-stat[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mom\Cookies\mom@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Mom\Cookies\mom@xmts[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Mom\Cookies\mom@yadro[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mom\Cookies\mom@zedo[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.com.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.webpower.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[server.iad.liveperson.net/hc/12469582]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Steven\Cookies\steven@ad.sensismediasmart.com[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Steven\Cookies\steven@adultfriendfinder[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Steven\Cookies\steven@anm.co[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Steven\Cookies\steven@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Steven\Cookies\steven@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Steven\Cookies\steven@bravenet[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Steven\Cookies\steven@burstnet[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Steven\Cookies\steven@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Steven\Cookies\steven@club.cdfreaks[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Steven\Cookies\steven@com[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Steven\Cookies\steven@ct.360i[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Steven\Cookies\steven@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Steven\Cookies\steven@go[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Steven\Cookies\steven@kinghost[2].txt
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Steven\Cookies\steven@metriweb[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Steven\Cookies\steven@realmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Steven\Cookies\steven@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Steven\Cookies\steven@server.iad.liveperson[4].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Steven\Cookies\steven@stat.onestat[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Steven\Cookies\steven@target[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Steven\Cookies\steven@toplist[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Steven\Cookies\steven@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Steven\Cookies\steven@www.myaffiliateprogram[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Steven\Cookies\steven@www1.addfreestats[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Steven\Cookies\steven@xiti[1].txt
Spyware:Cookie/Yadro Not disi

#5 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 PM

Posted 28 December 2006 - 08:10 AM

Hi outlawmoogle, :huh:

While I am checking your logs could you run Panda again and see to it to post the complete log? :flowers:

Thanks. :thumbsup:

#6 outlawmoogle

outlawmoogle
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 28 December 2006 - 03:24 PM

Oh, didn't notice it got cut off at the end. My post was too long.


Incident Status Location

Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\CD_CLINT.DLL
Adware:adware/ncase Not disinfected c:\windows\didduid.ini
Adware:adware/blazefind Not disinfected c:\windows\Key2.txt
Adware:adware/sidesearch Not disinfected c:\program files\Lycos
Spyware:spyware/betterinet Not disinfected Windows Registry
Adware:adware/topmoxie Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/toprebates Not disinfected Windows Registry
Spyware:spyware/bridge Not disinfected Windows Registry
Potentially unwanted tool:application/redswoosh Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75}
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mom\Cookies\mom@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mom\Cookies\mom@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mom\Cookies\mom@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mom\Cookies\mom@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mom\Cookies\mom@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Mom\Cookies\mom@ads.addynamix[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Mom\Cookies\mom@ads.gorillanation[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mom\Cookies\mom@ads.pointroll[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mom\Cookies\mom@apmebf[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mom\Cookies\mom@atwola[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Mom\Cookies\mom@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mom\Cookies\mom@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mom\Cookies\mom@bluestreak[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Mom\Cookies\mom@citi.bridgetrack[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Mom\Cookies\mom@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mom\Cookies\mom@com[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Mom\Cookies\mom@ct.360i[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mom\Cookies\mom@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mom\Cookies\mom@go[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mom\Cookies\mom@media.adrevolver[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Mom\Cookies\mom@offeroptimizer[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mom\Cookies\mom@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mom\Cookies\mom@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mom\Cookies\mom@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mom\Cookies\mom@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mom\Cookies\mom@revenue[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Mom\Cookies\mom@rightmedia[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Mom\Cookies\mom@searchportal.information[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mom\Cookies\mom@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mom\Cookies\mom@statcounter[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Mom\Cookies\mom@target[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mom\Cookies\mom@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mom\Cookies\mom@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Mom\Cookies\mom@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Mom\Cookies\mom@www.myaffiliateprogram[1].txt
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Mom\Cookies\mom@www.web-stat[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mom\Cookies\mom@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Mom\Cookies\mom@xmts[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Mom\Cookies\mom@yadro[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mom\Cookies\mom@zedo[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.com.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[.webpower.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\v3u8ao9z.default\cookies.txt[server.iad.liveperson.net/hc/12469582]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Steven\Cookies\steven@ad.sensismediasmart.com[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Steven\Cookies\steven@adultfriendfinder[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Steven\Cookies\steven@anm.co[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Steven\Cookies\steven@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Steven\Cookies\steven@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Steven\Cookies\steven@bravenet[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Steven\Cookies\steven@burstnet[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Steven\Cookies\steven@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Steven\Cookies\steven@club.cdfreaks[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Steven\Cookies\steven@com[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Steven\Cookies\steven@ct.360i[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Steven\Cookies\steven@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Steven\Cookies\steven@go[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Steven\Cookies\steven@kinghost[2].txt
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Steven\Cookies\steven@metriweb[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Steven\Cookies\steven@realmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Steven\Cookies\steven@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Steven\Cookies\steven@server.iad.liveperson[4].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Steven\Cookies\steven@stat.onestat[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Steven\Cookies\steven@target[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Steven\Cookies\steven@toplist[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Steven\Cookies\steven@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Steven\Cookies\steven@www.myaffiliateprogram[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Steven\Cookies\steven@www1.addfreestats[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Steven\Cookies\steven@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Steven\Cookies\steven@yadro[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Steven\Local Settings\Temp\Cookies\steven@go[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Steven\Local Settings\Temp\Cookies\steven@systemdoctor[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Steven\Local Settings\Temp\Cookies\steven@www.systemdoctor[1].txt
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Steven\Local Settings\Temp\ss_cdt_setup.exe[ =.dll]
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Steven\Local Settings\Temp\ss_cdt_setup.exe[offline.htm]
Adware:Adware/Gmter Not disinfected C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\333OJRLS\popup[1].htm
Adware:Adware/BlazeFind Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3D5830BB-6B07-483B-96A3-20DCC4\B293BFE4-8141-4B60-BD92-920EFC
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Program Files\mIRC\mem.dll
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\Program Files\mIRC\moo.dll
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\Downloaded Program Files\turbo.inf
Potentially unwanted tool:Application/Redswoosh Not disinfected C:\WINDOWS\RSEDNClientUninstaller.exe

#7 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 PM

Posted 30 December 2006 - 06:52 AM

Hi outlawmoogle, :thumbsup:

1. Unfortunately I see no firewall in your runing processes which probably means that you have none. I urge you to install one since it's your first defense against malware. There are several good but for free programmes available like:

Sygate
Kerio
Zone alarm

For a tutorial on Firewalls click: Understanding and Using Firewalls!

2. We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

You may re-enable it again when your computer is clean; I will let you know!

3. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following program if listed:

Red Swoosh EDN Client (remove only)
WebRebates (by TopRebates.com)
Win32 BI Application


I note in your log that you have FlashGet the download manager - Be aware that the trial copy bundles Cydoor adware, but when you register the Ads disappear.

FlashGet(JetCar): optional see above!

4. Run HijackThis, click Scan and checkmark the following entries:

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WebRebates] javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
O4 - HKLM\..\Run: [SS3EDIT] C:\WINDOWS\wUA3uRFWg.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [JEDI] C:\WINDOWS\bu2IYbpMW9HG.exe
O4 - HKLM\..\Run: [jbnyuxwy] C:\WINDOWS\System32\zexayvts.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ise/install.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O19 - User stylesheet: (file missing)


> If you agreed to remove FlashGet, checkmark these entries:

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Programs\FlashGet\fgiebar.dll
O8 - Extra context menu item: Download All by FlashGet - D:\Programs\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Programs\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programs\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programs\FlashGet\flashget.exe


> Spykiller is a shareware "Spyware remover" of questionable quality and repute. See this page on Rogue/Suspect Anti-Spyware Products & Web Sites
The Spyware Warrior List of
Rogue/Suspect Anti-Spyware Products & Web Sites
. There are better alternatives that are freeware: Trustworthy Anti-Spyware Products-list

I therefore recommend to checkmark this entry:

O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

> I am a big believer in having nothing in your trusted sites. The only advantage to have a domain in your trusted sites, is that it wont prompt you when installing software. This also means, that if a new exploit comes out where a site can spoof their domain to one that matches one in your trusted sites, then you will never know when they install software on your machine.
As these sites will still be able to install the software on your machine, even if you dont have the O15 entries, by just hitting yes to the prompt, I suggest leaving those empty. If you agree checkmark these entries as well:

O15 - Trusted Zone: www.dsfanboy.com
O15 - Trusted Zone: www.engadget.com
O15 - Trusted Zone: www.fark.com
O15 - Trusted Zone: www.gamefaqs.com
O15 - Trusted Zone: www.gonintendo.com
O15 - Trusted Zone: www.ign.com
O15 - Trusted Zone: www.joystiq.com
O15 - Trusted Zone: www.livejournal.com
O15 - Trusted Zone: www.wamu.com


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

5. Reboot and as the computer starts up, just before Windows starts to load, tap the F8 key a few times and then choose Safe Mode from the menu that will appear.

6. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following folders in bold if listed:

C:\Program Files\WildTangent
C:\Program Files\WebRebates
C:\Program Files\RSNet
D:\Programs\FlashGet<< If you deleted the optional!
C:\Program Files\SpyKiller<< If you deleted the optional!
c:\program files\Lycos

.......... and files in bold if listed:

C:\WINDOWS\wUA3uRFWg.exe
C:\WINDOWS\services.exe
C:\WINDOWS\bu2IYbpMW9HG.exe
C:\WINDOWS\System32\zexayvts.exe
C:\WINDOWS\system32\CD_CLINT.DLL
c:\windows\didduid.ini
c:\windows\Key2.txt
C:\Program Files\mIRC\mem.dll
C:\Program Files\mIRC\moo.dll
C:\WINDOWS\Downloaded Program Files\turbo.inf
C:\WINDOWS\RSEDNClientUninstaller.exe

7. Empty C:\Program Files\Microsoft AntiSpyware\Quarantine

8. Clean your Cache and Cookies in IE:

* Close all instances of Outlook Express and Internet Explorer
* Go to Control Panel > Internet Options > General tab
* Click the "Delete Cookies" button
* Next to it, Click the "Delete Files" button
* When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

* Go to Tools > Options.
* Click Privacy in the menu on the left side of the Options window.
* Click the Clear button located to the right of each option (History, Cookies, Cache).
* Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin

* Go to start > run and type: cleanmgr and click ok.
* Let it scan your system for files to remove.
* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
* Press OK to remove them.

9. Now open Notepad and copy and paste the following text in the quotebox into it:

Windows Registry Editor Version 5.00

[-hkey_classes_root\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}]

[-hkey_classes_root\clsid\{FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75}]

[-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75}]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

10. Reboot to go back into Normal mode.

11. Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post the Kaspersky report along with a fresh HIjackThis log for review.

#8 outlawmoogle

outlawmoogle
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 30 December 2006 - 06:55 PM

1. I'm running Windows Firewall, I dont know why it didn't show up. I'm also behind a NAT router.

3. The first three programs have been in that uninstall list for over a year, I could never get rid of them. They're still in there after following all the steps. FlashGet cleanly uninstalled however.

4. Not only do I not use Spykiller, I've never even heard of it. Must've sneaked on somehow, or someone else installed it. I only use Ad-Aware, Spybot, Microsoft Defender, and Spyware Blaster.

11.
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 30, 2006 3:47:05 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/12/2006
Kaspersky Anti-Virus database records: 255181


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 150201
Number of viruses found 4
Number of infected objects 5 / 0
Number of suspicious objects 0
Duration of the scan process 02:06:35

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12072006-122643.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Steven\Application Data\Aim\mgbynyps\OutlawMoogle\cert8.db Object is locked skipped

C:\Documents and Settings\Steven\Application Data\Aim\mgbynyps\OutlawMoogle\key3.db Object is locked skipped

C:\Documents and Settings\Steven\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Steven\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Steven\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Steven\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Steven\Local Settings\History\History.IE5\MSHist012006123020061231\index.dat Object is locked skipped

C:\Documents and Settings\Steven\Local Settings\Temp\ss_cdt_setup.exe/data0002 Infected: not-a-virus:AdWare.Win32.Sidesearch.e skipped

C:\Documents and Settings\Steven\Local Settings\Temp\ss_cdt_setup.exe NSIS: infected - 1 skipped

C:\Documents and Settings\Steven\Local Settings\Temp\Temporary Internet Files\Content.IE5\2ZSBR458\045[1].htm Infected: Trojan-Downloader.HTML.Agent.au skipped

C:\Documents and Settings\Steven\Local Settings\Temp\Temporary Internet Files\Content.IE5\KL2V09EJ\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\Steven\Local Settings\Temp\~DF9611.tmp Object is locked skipped

C:\Documents and Settings\Steven\Local Settings\Temp\~DF967F.tmp Object is locked skipped

C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Steven\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Steven\ntuser.dat.LOG Object is locked skipped

C:\OpenSA\Apache2\logs\access.log Object is locked skipped

C:\OpenSA\Apache2\logs\access_log Object is locked skipped

C:\OpenSA\Apache2\logs\error.log Object is locked skipped

C:\OpenSA\Apache2\logs\error_log Object is locked skipped

C:\OpenSA\Apache2\logs\ssl_request_log Object is locked skipped

C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped

C:\Program Files\mIRC\logs\#koreations.Cyanide-x.log Object is locked skipped

C:\Program Files\mIRC\logs\#LizardKingdom.Cyanide-x.log Object is locked skipped

C:\Program Files\mIRC\logs\#munkki.Cyanide-x.log Object is locked skipped

C:\Program Files\mIRC\logs\#negima.Cyanide-x.log Object is locked skipped

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped

C:\Program Files\Sony\Photo Server\db\vpdb.ldb Object is locked skipped

C:\Program Files\Sony\Photo Server\db\vpdb.mdb Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{543848E5-A971-4387-BA47-9852573A650F}\RP882\change.log Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\MEMORY.DMP Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd6781.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\JETD783.tmp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.





Logfile of HijackThis v1.99.1
Scan saved at 3:53:54 PM, on 12/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\OpenSA\Apache2\bin\Apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
D:\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\QuickTime\qttask.exe
D:\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\Tablet.exe
D:\D-Tools\daemon.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
D:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Semagic\LiveJournal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\mIRC\mirc.exe
d:\Azureus\Azureus.exe
C:\Documents and Settings\Steven\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] D:\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=010907 serial=pe02cbx-0000003-nmd lang=EN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] d:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [PhanTim31] "C:\Program Files\PhanTim3\PhanTim3.exe" 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: Konfabulator.lnk = D:\Konfabulator\Konfabulator.exe
O4 - Startup: Mobipocket Web Companion.lnk = ?
O4 - Startup: Semagic.lnk = C:\Program Files\Semagic\LiveJournal.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: check-ip-changed.bat
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Steven\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://openacademy.mindef.gov.sg/OpenAcade...uggin/ipixx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098231998309
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143963703875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} (Toolbar Reg Sniff Activate) - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

#9 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 PM

Posted 02 January 2007 - 08:48 AM

Hi outlawmoogle, :thumbsup:

Best wishes for 2007!

The first three programs have been in that uninstall list for over a year, I could never get rid of them. They're still in there after following all the steps.


Do you mean you couldn't uninstall those three programmes or that you don't want to? In the latter case there's nothing me and my colleagues can do since you will remain infected. If you want to get rid of them but cann't I can help you with that. Please let me know.

#10 outlawmoogle

outlawmoogle
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 02 January 2007 - 12:52 PM

Couldn't

#11 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:00 PM

Posted 03 January 2007 - 07:24 AM

Hi outlawmoogle, :thumbsup:

1. Disable WindowsDefender again please.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

2. Run HijackThis, click Scan and checkmark the following entries:

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O19 - User stylesheet: (file missing)


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

3. Clean your Cache and Cookies in IE:

* Close all instances of Outlook Express and Internet Explorer
* Go to Control Panel > Internet Options > General tab
* Click the "Delete Cookies" button
* Next to it, Click the "Delete Files" button
* When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

* Go to Tools > Options.
* Click Privacy in the menu on the left side of the Options window.
* Click the Clear button located to the right of each option (History, Cookies, Cache).
* Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin

* Go to start > run and type: cleanmgr and click ok.
* Let it scan your system for files to remove.
* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
* Press OK to remove them.

4. Please try to uninstall those three programmes once more and if something goes wrong and/or if you get an error message post back the error as specifc as possible.

Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following program if listed:

Red Swoosh EDN Client (remove only)
WebRebates (by TopRebates.com)
Win32 BI Application


Please reboot, post a fresh HijackThis log and let me know how this went.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users