
Please Help Hijack This Log!


20 replies to this topic

#1 looney2340


Posted 05 April 2007 - 09:17 PM

My computer has been running sooo slow past few days and I can't figure out why. I have run several spyware programs and virus scans and it is still extremely slow and I have now started to get popups which I have not had for a very very long time....here is my log, can anyone help me please

Logfile of HijackThis v1.99.1
Scan saved at 10:07:32 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\csrss.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myway.com/
O2 - BHO: (no name) - {2f46da77-6df8-4b77-b2b4-2b02ad8d0824} - C:\WINDOWS\system32\cewund.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174176874390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174176861001
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EBD1F1E-9525-4A9D-AE5F-41095FAE4EB4}: NameServer = 205.188.146.145
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: cdfes - cdfes.dll (file missing)
O20 - Winlogon Notify: cewund - C:\WINDOWS\SYSTEM32\cewund.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe



#2 sjpritch25


Posted 06 April 2007 - 09:06 AM

Welcome to BC !!!! :thumbsup:


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


====================================


Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Microsoft MVP Consumer Security--2007-2010

#3 looney2340


Posted 14 April 2007 - 04:24 PM

I'm sorry it took so long for a reply, I'm working 2 jobs 16 hrs a day........vundo did not find any files and it did not give me option to save a log......here is my combofix log and a new hijack this log....my popups are now coming more frequently...





"Administrator" - 07-04-14 17:10:06 Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\Administrator\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tmp343.tmp.dll
C:\WINDOWS\csrss.exe
C:\WINDOWS\ie-hook.txt


((((((((((((((((((((((((((((((( Files Created from 2007-03-14 to 2007-04-14 ))))))))))))))))))))))))))))))))))


2007-04-06 11:30 4 --a------ C:\WINDOWS\system32\fontqxet.dll
2007-04-06 09:58 8 --a------ C:\WINDOWS\system32\sdfinacs.dll
2007-04-06 09:58 14 --a------ C:\WINDOWS\system32\rasqervy.dll
2007-04-06 09:56 115 --a------ C:\WINDOWS\system32\wuasirvy.dll
2007-04-06 09:53 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-05 22:19 <DIR> d-------- C:\VundoFix Backups
2007-04-04 11:06 19,216 --a------ C:\WINDOWS\system32\cewund.dll
2007-04-02 19:16 <DIR> d-------- C:\DOCUME~1\Hank\APPLIC~1\Morpheus
2007-03-17 21:39 8,535 --a------ C:\WINDOWS\system32\pmkllkk.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-12 23:52 -------- d-------- C:\Program Files\wisco computing


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"McAfee.InstantUpdate.Monitor"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /startmonitor"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Alogserv"="C:\\Program Files\\McAfee\\McAfee VirusScan\\alogserv.exe"
"McAfee Guardian"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Guardian\\CMGRDIAN.EXE\" /SU"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackICE PC Protection.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BlackICE PC Protection.lnk"
"backup"="C:\\WINDOWS\\pss\\BlackICE PC Protection.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ISS\\BlackICE\\blackice.exe -closed"
"item"="BlackICE PC Protection"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup"
"location"="Common Startup"
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
"backup"="C:\\WINDOWS\\pss\\Printkey2000.lnkCommon Startup"
"location"="Common Startup"
"item"="Printkey2000"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^updater.lnk]
"backup"="C:\\WINDOWS\\pss\\updater.lnkCommon Startup"
"location"="Common Startup"
"item"="updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="points manager"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTV]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="btv"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InstaFinderK_inst"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaalite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Kazaa Lite\\kpp.exe\" \"C:\\Program Files\\Kazaa Lite\\kazaalite.kpp\" /SYSTRAY"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SemanticInsight"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tbon"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"system"="C:\\WINDOWS\\csrss.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cdfes
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cewund

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command setupSNK.exe


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-14 17:14:28
C:\ComboFix-quarantined-files.txt ... 07-04-14 17:14




Logfile of HijackThis v1.99.1
Scan saved at 5:20:06 PM, on 4/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myway.com/
O2 - BHO: (no name) - {2f46da77-6df8-4b77-b2b4-2b02ad8d0824} - C:\WINDOWS\system32\cewund.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174176874390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174176861001
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: cdfes - cdfes.dll (file missing)
O20 - Winlogon Notify: cewund - C:\WINDOWS\SYSTEM32\cewund.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe

#4 sjpritch25


Posted 14 April 2007 - 05:59 PM

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
Microsoft MVP Consumer Security--2007-2010

#5 looney2340


Posted 15 April 2007 - 02:56 PM

Here is my WinPFind log.....

WinPFind3 logfile created on: 4/15/2007 3:39:19 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

255.46 Mb Total Physical Memory | 43.71 Mb Available Physical Memory | 17.11% Memory free
432.48 Mb Paging File | 142.53 Mb Available in Paging File | 32.96% Paging File free
Paging file location(s): C:\pagefile.sys 200 384;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 1.74 Gb Free Space | 17.82% Space Free
Drive D: | 4.53 Gb Total Space | 1.84 Gb Free Space | 40.71% Space Free
E: Drive not present or media not loaded
Drive F: | 571.25 Mb Total Space | 22.23 Mb Free Space | 3.89% Space Free

Computer Name: DESKTOP1
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 1:07:32 PM | Attr = ]
avconsol.exe -> %ProgramFiles%\McAfee\McAfee VirusScan\Avconsol.exe -> Network Associates, Inc. [Ver = 6.01.1008.1 | Size = 151569 bytes | Modified Date = 9/27/2001 6:01:00 AM | Attr = ]
avsynmgr.exe -> %ProgramFiles%\McAfee\McAfee VirusScan\Avsynmgr.exe -> Network Associates, Inc. [Ver = 6.01.1008.1 | Size = 167953 bytes | Modified Date = 9/27/2001 6:01:00 AM | Attr = ]
blackd.exe -> %ProgramFiles%\ISS\BlackICE\blackd.exe -> Internet Security Systems, Inc. [Ver = 3.6.319 | Size = 1229430 bytes | Modified Date = 9/9/2004 1:38:04 PM | Attr = ]
blackice.exe -> %ProgramFiles%\ISS\BlackICE\blackice.exe -> Internet Security Systems, Inc. [Ver = 3.6.320 | Size = 778240 bytes | Modified Date = 5/4/2005 10:14:00 AM | Attr = ]
cpd.exe -> %ProgramFiles%\McAfee\McAfee Firewall\cpd.exe -> Networks Associates, Inc. [Ver = 3.01.1010.0 | Size = 286720 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
cpdclnt.exe -> %ProgramFiles%\McAfee\McAfee Firewall\CPDClnt.exe -> Networks Associates, Inc. [Ver = 3.01.1010.0 | Size = 61440 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
crypserv.exe -> %System32%\Crypserv.exe -> Kenonic Controls Ltd. [Ver = 5.4.0 | Size = 52224 bytes | Modified Date = 6/29/2000 4:45:10 AM | Attr = ]
vsstat.exe -> %ProgramFiles%\McAfee\McAfee VirusScan\VSStat.exe -> [Ver = | Size = 106513 bytes | Modified Date = 9/27/2001 6:01:00 AM | Attr = ]
webscanx.exe -> %ProgramFiles%\McAfee\McAfee VirusScan\WebScanX.exe -> Network Associates, Inc. [Ver = 6.01.1008.1 | Size = 143377 bytes | Modified Date = 9/27/2001 6:01:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 1:07:32 PM | Attr = ]
(AvSynMgr) AVSync Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\McAfee VirusScan\Avsynmgr.exe -> Network Associates, Inc. [Ver = 6.01.1008.1 | Size = 167953 bytes | Modified Date = 9/27/2001 6:01:00 AM | Attr = ]
(BlackICE) BlackICE [Win32_Own | Auto | Running] -> %ProgramFiles%\ISS\BlackICE\blackd.exe -> Internet Security Systems, Inc. [Ver = 3.6.319 | Size = 1229430 bytes | Modified Date = 9/9/2004 1:38:04 PM | Attr = ]
(Crypkey License) Crypkey License [Win32_Own | Auto | Running] -> %System32%\Crypserv.exe -> Kenonic Controls Ltd. [Ver = 5.4.0 | Size = 52224 bytes | Modified Date = 6/29/2000 4:45:10 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(McAfee Firewall) McAfee Firewall [Win32_Shared | Auto | Running] -> %ProgramFiles%\McAfee\McAfee Firewall\cpd.exe -> Networks Associates, Inc. [Ver = 3.01.1010.0 | Size = 286720 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
(RapApp) RapApp [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ISS\BlackICE\RapApp.exe -> Internet Security Systems, Inc. [Ver = 3.6.25.0 | Size = 684032 bytes | Modified Date = 2/25/2003 7:25:58 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BootService -> %SystemRoot%\yaaxxv.dll [rundll32.exe "C:\WINDOWS\yaaxxv.dll",realset] -> [Ver = | Size = 106767 bytes | Modified Date = 4/15/2007 3:33:18 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\America Online Tray Icon.lnk -> %ProgramFiles%\America Online 9.0\aoltray.exe -> America Online, Inc. [Ver = 9.00.001 | Size = 156784 bytes | Modified Date = 5/7/2004 5:53:52 PM | Attr = H ]
%AllUsersStartup%\BlackICE PC Protection.lnk -> %ProgramFiles%\ISS\BlackICE\blackice.exe -> Internet Security Systems, Inc. [Ver = 3.6.320 | Size = 778240 bytes | Modified Date = 5/4/2005 10:14:00 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
cdfes -> cdfes.dll -> File not found
cewund -> %System32%\cewund.dll -> [Ver = | Size = 19216 bytes | Modified Date = 4/4/2007 11:06:34 AM | Attr = ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> \blank.htm ->
HKCU: Search Page -> http://www.msn.com/access/allinone.asp ->
HKCU: Start Page -> http://www.myway.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{2f46da77-6df8-4b77-b2b4-2b02ad8d0824} [HKLM] -> %System32%\cewund.dll [Reg Data - Value does not exist] -> [Ver = | Size = 19216 bytes | Modified Date = 4/4/2007 11:06:34 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> Reg Data - Key not found [MenuText: Uninstall BitDefender Online Scanner v8] -> File not found
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3B99F1B0-8249-45BC-8DA7-0195F4B07432} -> (Microsoft® PCI Adapter MN-130) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> YInstStarter Class - CodeBase = http://download.yahoo.com/dl/installs/yinst0309.cab ->
{4B48D5DF-9021-45F7-A240-60304302A215} -> Malicious Software Removal Tool - CodeBase = http://download.microsoft.com/download/b/d.../WebCleaner.cab ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1174176874390 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1174176861001 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267943936 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 4/14/2007 4:12:49 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/5/2007 9:19:17 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 4/6/2007 8:53:02 AM | Attr = ]
fffggh.ini -> %SystemRoot%\fffggh.ini -> [Ver = | Size = 1456219 bytes | Created Date = 3/25/2007 2:53:48 PM | Attr = HS]
uwycfe.ini -> %SystemRoot%\uwycfe.ini -> [Ver = | Size = 1456123 bytes | Created Date = 4/4/2007 11:38:05 AM | Attr = HS]
vxxaay.ini -> %SystemRoot%\vxxaay.ini -> [Ver = | Size = 1204920 bytes | Created Date = 4/15/2007 2:33:18 PM | Attr = HS]
yaaxxv.dll -> %SystemRoot%\yaaxxv.dll -> [Ver = | Size = 106767 bytes | Created Date = 4/15/2007 2:33:16 PM | Attr = ]
cewund.dll -> %System32%\cewund.dll -> [Ver = | Size = 19216 bytes | Created Date = 4/4/2007 10:06:32 AM | Attr = ]
fontqxet.dll -> %System32%\fontqxet.dll -> [Ver = | Size = 4 bytes | Created Date = 4/6/2007 10:30:20 AM | Attr = ]
pmkllkk.dll -> %System32%\pmkllkk.dll -> [Ver = | Size = 8535 bytes | Created Date = 3/17/2007 8:39:01 PM | Attr = ]
rasqervy.dll -> %System32%\rasqervy.dll -> [Ver = | Size = 14 bytes | Created Date = 4/6/2007 8:58:44 AM | Attr = ]
sdfinacs.dll -> %System32%\sdfinacs.dll -> [Ver = | Size = 8 bytes | Created Date = 4/6/2007 8:58:43 AM | Attr = ]
wuasirvy.dll -> %System32%\wuasirvy.dll -> [Ver = | Size = 115 bytes | Created Date = 4/6/2007 8:56:46 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267943936 bytes | Modified Date = 4/15/2007 3:27:48 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/14/2007 10:36:02 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 4/14/2007 5:13:32 PM | Attr = ]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 4/2/2007 9:17:10 PM | Attr = ]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 89639 bytes | Modified Date = 4/14/2007 11:11:16 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/5/2007 10:19:18 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/15/2007 3:33:26 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 4/6/2007 9:54:18 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/15/2007 3:27:54 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/6/2007 9:53:08 AM | Attr = S]
fffggh.ini -> %SystemRoot%\fffggh.ini -> [Ver = | Size = 1456219 bytes | Modified Date = 4/1/2007 3:24:10 PM | Attr = HS]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/6/2007 9:53:04 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/15/2007 12:35:20 AM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/14/2007 6:54:52 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 4/14/2007 10:34:54 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/15/2007 3:31:06 PM | Attr = ]
uwycfe.ini -> %SystemRoot%\uwycfe.ini -> [Ver = | Size = 1456123 bytes | Modified Date = 4/4/2007 10:44:56 PM | Attr = HS]
vxxaay.ini -> %SystemRoot%\vxxaay.ini -> [Ver = | Size = 1204920 bytes | Modified Date = 4/15/2007 3:33:26 PM | Attr = HS]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 623 bytes | Modified Date = 4/14/2007 11:11:04 PM | Attr = ]
WINTOYS.INI -> %SystemRoot%\WINTOYS.INI -> [Ver = | Size = 26 bytes | Modified Date = 3/18/2007 8:52:18 PM | Attr = ]
yaaxxv.dll -> %SystemRoot%\yaaxxv.dll -> [Ver = | Size = 106767 bytes | Modified Date = 4/15/2007 3:33:18 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/15/2007 3:27:58 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/6/2007 9:53:00 AM | Attr = ]
cewund.dll -> %System32%\cewund.dll -> [Ver = | Size = 19216 bytes | Modified Date = 4/4/2007 11:06:34 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3/17/2007 8:15:04 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4/14/2007 5:10:12 PM | Attr = ]
fontqxet.dll -> %System32%\fontqxet.dll -> [Ver = | Size = 4 bytes | Modified Date = 4/14/2007 4:40:30 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 4/15/2007 3:32:18 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 55760 bytes | Modified Date = 4/1/2007 11:34:16 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 358674 bytes | Modified Date = 4/1/2007 11:34:16 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 420342 bytes | Modified Date = 4/1/2007 11:34:16 AM | Attr = ]
pmkllkk.dll -> %System32%\pmkllkk.dll -> [Ver = | Size = 8535 bytes | Modified Date = 3/17/2007 9:39:02 PM | Attr = ]
rasqervy.dll -> %System32%\rasqervy.dll -> [Ver = | Size = 14 bytes | Modified Date = 4/6/2007 9:58:46 AM | Attr = ]
sdfinacs.dll -> %System32%\sdfinacs.dll -> [Ver = | Size = 8 bytes | Modified Date = 4/6/2007 9:58:44 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 4/14/2007 3:06:18 PM | Attr = ]
wuasirvy.dll -> %System32%\wuasirvy.dll -> [Ver = | Size = 115 bytes | Modified Date = 4/6/2007 9:56:48 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
UpackByDwing , MZKERNEL32.DLL , -> %SystemRoot%\yaaxxv.dll -> [Ver = | Size = 106767 bytes | Modified Date = 4/15/2007 3:33:18 PM | Attr = ]
PEC2 , -> %System32%\atl71.pdb -> [Ver = | Size = 2052096 bytes | Modified Date = 3/18/2003 11:05:48 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PTech , -> %System32%\LegitCheckControl.dll -> Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Modified Date = 7/12/2005 7:04:22 PM | Attr = ]
PEC2 , -> %System32%\MFC42.PDB -> [Ver = | Size = 8015872 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFC42D.PDB -> [Ver = | Size = 3944448 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFC42U.PDB -> [Ver = | Size = 7991296 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFC42UD.PDB -> [Ver = | Size = 3952640 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\mfc71.pdb -> [Ver = | Size = 10357760 bytes | Modified Date = 3/19/2003 1:20:00 AM | Attr = ]
PEC2 , -> %System32%\MFC71d.pdb -> [Ver = | Size = 8252416 bytes | Modified Date = 3/19/2003 12:28:40 AM | Attr = ]
PEC2 , -> %System32%\mfc71u.pdb -> [Ver = | Size = 10333184 bytes | Modified Date = 3/19/2003 1:12:12 AM | Attr = ]
PEC2 , -> %System32%\mfc71ud.pdb -> [Ver = | Size = 8293376 bytes | Modified Date = 3/19/2003 12:31:58 AM | Attr = ]
PEC2 , -> %System32%\MFCD42D.PDB -> [Ver = | Size = 2052096 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFCD42UD.PDB -> [Ver = | Size = 2068480 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFCN42D.PDB -> [Ver = | Size = 1454080 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFCN42UD.PDB -> [Ver = | Size = 1462272 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFCO42D.PDB -> [Ver = | Size = 4395008 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFCO42UD.PDB -> [Ver = | Size = 4435968 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\pmkllkk.dll -> [Ver = | Size = 8535 bytes | Modified Date = 3/17/2007 9:39:02 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]

< End of report >

#6 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:09:37 PM

Posted 15 April 2007 - 04:05 PM

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> BootService -> %SystemRoot%\yaaxxv.dll [rundll32.exe "C:\WINDOWS\yaaxxv.dll",realset]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> cdfes -> cdfes.dll
YY -> cewund -> %System32%\cewund.dll
< Internet Explorer Settings > ->
YN -> HKCU: Start Page -> http://www.myway.com/
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {2f46da77-6df8-4b77-b2b4-2b02ad8d0824} [HKLM] -> %System32%\cewund.dll [Reg Data - Value does not exist]
[Files/Folders - Created Within 30 days]
NY -> fffggh.ini -> %SystemRoot%\fffggh.ini
NY -> uwycfe.ini -> %SystemRoot%\uwycfe.ini
NY -> vxxaay.ini -> %SystemRoot%\vxxaay.ini
NY -> yaaxxv.dll -> %SystemRoot%\yaaxxv.dll
NY -> cewund.dll -> %System32%\cewund.dll
NY -> fontqxet.dll -> %System32%\fontqxet.dll
NY -> pmkllkk.dll -> %System32%\pmkllkk.dll
NY -> rasqervy.dll -> %System32%\rasqervy.dll
NY -> sdfinacs.dll -> %System32%\sdfinacs.dll
NY -> wuasirvy.dll -> %System32%\wuasirvy.dll
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it will reboot. Click the OK button. Please go back into your WinPFind3u folder (on your Desktop) and post the contents of the ******_***** log along with a new WinPFind3u scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
Microsoft MVP Consumer Security--2007-2010

#7 looney2340

Posted 15 April 2007 - 06:33 PM

I have tried your last suggestion and let it run for over 40 min, and it keeps locking up and not responding, so I will keep trying, but so far I have been unable to get a log. I did update my virus scan definitions as well as my 2 spyware programs (Ad-Aware and NoAdware). McAfee did find 3 viruses and the spyware programs did find other files. I ran all 3 until clean, but McAfee is still finding different infected files with each run. I'm sorry I did not copy down the names of what it did find. I will continue to run WinPFind with the fix you suggested and post a log if I'm able.

#8 sjpritch25

Posted 15 April 2007 - 09:04 PM

Okay, I seemed to have the same problem. Let's just try this one.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> BootService -> %SystemRoot%\yaaxxv.dll [rundll32.exe "C:\WINDOWS\yaaxxv.dll",realset]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> cdfes -> cdfes.dll
YY -> cewund -> %System32%\cewund.dll
< Internet Explorer Settings > ->
YN -> HKCU: Start Page -> http://www.myway.com/
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {2f46da77-6df8-4b77-b2b4-2b02ad8d0824} [HKLM] -> %System32%\cewund.dll [Reg Data - Value does not exist]
[Files/Folders - Created Within 30 days]
NY -> fffggh.ini -> %SystemRoot%\fffggh.ini
NY -> uwycfe.ini -> %SystemRoot%\uwycfe.ini
NY -> vxxaay.ini -> %SystemRoot%\vxxaay.ini
NY -> yaaxxv.dll -> %SystemRoot%\yaaxxv.dll
NY -> cewund.dll -> %System32%\cewund.dll
NY -> fontqxet.dll -> %System32%\fontqxet.dll
NY -> pmkllkk.dll -> %System32%\pmkllkk.dll
NY -> rasqervy.dll -> %System32%\rasqervy.dll
NY -> sdfinacs.dll -> %System32%\sdfinacs.dll
NY -> wuasirvy.dll -> %System32%\wuasirvy.dll
[Empty Temp Folders]



#9 looney2340

Posted 17 April 2007 - 10:51 PM

Hello,
I have tried this second fix with the same results: the program stops responding and I have to keep shutting it down without getting a log.

#10 sjpritch25

Posted 18 April 2007 - 03:26 PM

Not sure what's making it lock up.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

#11 looney2340

Posted 18 April 2007 - 09:44 PM

I WAS FINALLY ABLE TO RUN THE SECOND FIX YOU SUGGESTED AND HERE IS THE LOG FROM IT.......I HAVE NOTICED I CAN NOT MINIMIZE ANY WINDOWS INSTEAD IT CLOSES THEM OUT COMPLETELY NOT SURE IF THIS IS AN EFFECT OF MY PROBLEM OR NOT.....HERE IS THE LOG





[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BootService not found.
DllUnregisterServer procedure not found in C:\WINDOWS\yaaxxv.dll
C:\WINDOWS\yaaxxv.dll NOT unregistered.
C:\WINDOWS\yaaxxv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cdfes not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cewund deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\cewund.dll
C:\WINDOWS\SYSTEM32\cewund.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\cewund.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f46da77-6df8-4b77-b2b4-2b02ad8d0824} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f46da77-6df8-4b77-b2b4-2b02ad8d0824} deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\fffggh.ini moved successfully.
C:\WINDOWS\uwycfe.ini moved successfully.
C:\WINDOWS\vxxaay.ini moved successfully.
File C:\WINDOWS\yaaxxv.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\cewund.dll
C:\WINDOWS\SYSTEM32\cewund.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\cewund.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\fontqxet.dll
C:\WINDOWS\SYSTEM32\fontqxet.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\fontqxet.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\pmkllkk.dll
C:\WINDOWS\SYSTEM32\pmkllkk.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\pmkllkk.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\rasqervy.dll
C:\WINDOWS\SYSTEM32\rasqervy.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\rasqervy.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\sdfinacs.dll
C:\WINDOWS\SYSTEM32\sdfinacs.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\sdfinacs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\wuasirvy.dll
C:\WINDOWS\SYSTEM32\wuasirvy.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\wuasirvy.dll moved successfully.
[Empty Temp Folders]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
< End of log >
Created on 04/17/2007 23:50:19
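
An added example (not part of the thread and not WinPFind3U's own code): a short Python parser for the fix log posted above that reduces it to one outcome per file, so that anything still waiting on a reboot, here cewund.dll, can be checked against the next scan. The `%System32%` mapping and the follow-up scan sample are assumptions made for the example.

```python
import re
from collections import OrderedDict

# Excerpt of the fix log in the post above (registry lines and four of the files).
FIX_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BootService not found.
DllUnregisterServer procedure not found in C:\WINDOWS\yaaxxv.dll
C:\WINDOWS\yaaxxv.dll NOT unregistered.
C:\WINDOWS\yaaxxv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cewund deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\cewund.dll scheduled to be moved on reboot.
C:\WINDOWS\fffggh.ini moved successfully.
File C:\WINDOWS\yaaxxv.dll not found!
File move failed. C:\WINDOWS\SYSTEM32\cewund.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\fontqxet.dll
C:\WINDOWS\SYSTEM32\fontqxet.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\fontqxet.dll moved successfully.
"""

# Constructed follow-up scan: the cewund.dll line is reused from the earlier
# scan to show what a reboot-time move that did not happen would look like.
RESCAN = r"""
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 4/14/2007 4:12:49 PM | Attr = ]
cewund.dll -> %System32%\cewund.dll -> [Ver = | Size = 19216 bytes | Created Date = 4/4/2007 10:06:32 AM | Attr = ]
"""

REG_RULE = re.compile(
    r"^Registry (?:key|value) (?P<key>.+?) (?P<result>deleted successfully|not found)\.$")
FILE_RULES = [
    (re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$"),
     "pending_reboot"),
    (re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$"), "moved"),
    (re.compile(r"^File (?P<path>[A-Za-z]:\\.+?) not found!$"), "not_found"),
]
# %SystemRoot% is given in the scan header; the %System32% value is an assumption
# chosen to match the paths the fix log prints.
PLACEHOLDERS = {"%systemroot%": r"c:\windows", "%system32%": r"c:\windows\system32"}


def norm(path):
    """Windows paths compare case-insensitively."""
    return path.strip().lower()


def parse_fix_log(text):
    """Return ({file path: final state}, {registry key: result})."""
    files, registry = OrderedDict(), OrderedDict()
    for line in (raw.strip() for raw in text.splitlines()):
        m = REG_RULE.match(line)
        if m:
            registry[m["key"]] = m["result"]
            continue
        for rx, state in FILE_RULES:
            m = rx.match(line)
            if not m:
                continue
            key = norm(m["path"])
            # A file listed twice in the fix shows "not found" the second
            # time because the first pass already moved it: keep the earlier state.
            if not (state == "not_found" and key in files):
                files[key] = state
            break
    return files, registry


def pending(files):
    """Files the tool could not move while Windows was running."""
    return [p for p, s in files.items() if s == "pending_reboot"]


def survivors(files, scan_text):
    """Fix targets that still appear in a later scan listing."""
    present = set()
    for line in scan_text.splitlines():
        parts = [p.strip() for p in line.split(" -> ")]
        if len(parts) >= 2:
            path = norm(parts[1])
            for var, real in PLACEHOLDERS.items():
                path = path.replace(var, real)
            present.add(path)
    return [p for p in files if p in present]


if __name__ == "__main__":
    files, registry = parse_fix_log(FIX_LOG)
    for path, state in files.items():
        print(f"{state:15} {path}")
    print("recheck after reboot:", pending(files))
    print("still on disk in rescan:", survivors(files, RESCAN))
```
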

#12 sjpritch25

Posted 18 April 2007 - 09:49 PM

Good job, I should have told you to close all open programs. Could you run the WinPFind scan again, then post the results? Thanks.

#13 looney2340

Posted 19 April 2007 - 09:47 PM

Here is my new winpfind3u file.......

WinPFind3 logfile created on: 4/19/2007 10:25:59 PM
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

255.46 Mb Total Physical Memory | 76.73 Mb Available Physical Memory | 30.04% Memory free
432.69 Mb Paging File | 232.39 Mb Available in Paging File | 53.71% Paging File free
Paging file location(s): C:\pagefile.sys 200 384;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 1.75 Gb Free Space | 17.96% Space Free
Drive D: | 4.53 Gb Total Space | 1.84 Gb Free Space | 40.71% Space Free
E: Drive not present or media not loaded
Drive F: | 571.25 Mb Total Space | 22.23 Mb Free Space | 3.89% Space Free

Computer Name: DESKTOP1
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 1:07:32 PM | Attr = ]
avconsol.exe -> %ProgramFiles%\McAfee\McAfee VirusScan\Avconsol.exe -> Network Associates, Inc. [Ver = 6.01.1008.1 | Size = 151569 bytes | Modified Date = 9/27/2001 6:01:00 AM | Attr = ]
avsynmgr.exe -> %ProgramFiles%\McAfee\McAfee VirusScan\Avsynmgr.exe -> Network Associates, Inc. [Ver = 6.01.1008.1 | Size = 167953 bytes | Modified Date = 9/27/2001 6:01:00 AM | Attr = ]
blackd.exe -> %ProgramFiles%\ISS\BlackICE\blackd.exe -> Internet Security Systems, Inc. [Ver = 3.6.319 | Size = 1229430 bytes | Modified Date = 9/9/2004 1:38:04 PM | Attr = ]
blackice.exe -> %ProgramFiles%\ISS\BlackICE\blackice.exe -> Internet Security Systems, Inc. [Ver = 3.6.320 | Size = 778240 bytes | Modified Date = 5/4/2005 10:14:00 AM | Attr = ]
cpd.exe -> %ProgramFiles%\McAfee\McAfee Firewall\cpd.exe -> Networks Associates, Inc. [Ver = 3.01.1010.0 | Size = 286720 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
cpdclnt.exe -> %ProgramFiles%\McAfee\McAfee Firewall\CPDClnt.exe -> Networks Associates, Inc. [Ver = 3.01.1010.0 | Size = 61440 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
crypserv.exe -> %System32%\Crypserv.exe -> Kenonic Controls Ltd. [Ver = 5.4.0 | Size = 52224 bytes | Modified Date = 6/29/2000 4:45:10 AM | Attr = ]
vsstat.exe -> %ProgramFiles%\McAfee\McAfee VirusScan\VSStat.exe -> [Ver = | Size = 106513 bytes | Modified Date = 9/27/2001 6:01:00 AM | Attr = ]
webscanx.exe -> %ProgramFiles%\McAfee\McAfee VirusScan\WebScanX.exe -> Network Associates, Inc. [Ver = 6.01.1008.1 | Size = 143377 bytes | Modified Date = 9/27/2001 6:01:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 4/10/2007 10:00:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 1:07:32 PM | Attr = ]
(AvSynMgr) AVSync Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\McAfee VirusScan\Avsynmgr.exe -> Network Associates, Inc. [Ver = 6.01.1008.1 | Size = 167953 bytes | Modified Date = 9/27/2001 6:01:00 AM | Attr = ]
(BlackICE) BlackICE [Win32_Own | Auto | Running] -> %ProgramFiles%\ISS\BlackICE\blackd.exe -> Internet Security Systems, Inc. [Ver = 3.6.319 | Size = 1229430 bytes | Modified Date = 9/9/2004 1:38:04 PM | Attr = ]
(Crypkey License) Crypkey License [Win32_Own | Auto | Running] -> %System32%\Crypserv.exe -> Kenonic Controls Ltd. [Ver = 5.4.0 | Size = 52224 bytes | Modified Date = 6/29/2000 4:45:10 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(McAfee Firewall) McAfee Firewall [Win32_Shared | Auto | Running] -> %ProgramFiles%\McAfee\McAfee Firewall\cpd.exe -> Networks Associates, Inc. [Ver = 3.01.1010.0 | Size = 286720 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
(RapApp) RapApp [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ISS\BlackICE\RapApp.exe -> Internet Security Systems, Inc. [Ver = 3.6.25.0 | Size = 684032 bytes | Modified Date = 2/25/2003 7:25:58 PM | Attr = ]

[Registry - Non-Microsoft Only]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\BlackICE PC Protection.lnk -> %ProgramFiles%\ISS\BlackICE\blackice.exe -> Internet Security Systems, Inc. [Ver = 3.6.320 | Size = 778240 bytes | Modified Date = 5/4/2005 10:14:00 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> \blank.htm ->
HKCU: Search Page -> http://www.msn.com/access/allinone.asp ->
HKCU: Start Page -> http://www.myway.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 2:22:10 PM | Attr = ]
CmdMapping [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3B99F1B0-8249-45BC-8DA7-0195F4B07432} -> (Microsoft® PCI Adapter MN-130) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\CsLsp.dll -> Networks Associates Technologies, Inc. [Ver = 1.00.1027.0 | Size = 80384 bytes | Modified Date = 9/27/2001 3:01:00 AM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> YInstStarter Class - CodeBase = http://download.yahoo.com/dl/installs/yinst0309.cab ->
{4B48D5DF-9021-45F7-A240-60304302A215} -> Malicious Software Removal Tool - CodeBase = http://download.microsoft.com/download/b/d.../WebCleaner.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1174176874390 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1174176861001 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267943936 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 4/14/2007 4:12:49 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/5/2007 9:19:17 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 4/6/2007 8:53:02 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/15/2007 8:48:30 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267943936 bytes | Modified Date = 4/19/2007 10:18:06 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/14/2007 10:36:02 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 4/14/2007 5:13:32 PM | Attr = ]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 4/2/2007 9:17:10 PM | Attr = ]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 89391 bytes | Modified Date = 4/15/2007 4:02:52 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/5/2007 10:19:18 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/17/2007 11:50:06 PM | Attr = ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 4/6/2007 9:54:18 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/19/2007 10:18:12 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/15/2007 4:01:40 PM | Attr = S]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/6/2007 9:53:04 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/15/2007 12:35:20 AM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/18/2007 11:09:00 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 4/15/2007 5:15:14 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/15/2007 8:48:30 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 4/17/2007 11:53:52 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/19/2007 10:23:24 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 623 bytes | Modified Date = 4/15/2007 8:48:30 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/19/2007 10:18:16 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/6/2007 9:53:00 AM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 4/14/2007 5:10:12 PM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 4/19/2007 10:22:30 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 55760 bytes | Modified Date = 4/1/2007 11:34:16 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 358674 bytes | Modified Date = 4/1/2007 11:34:16 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 420342 bytes | Modified Date = 4/1/2007 11:34:16 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 4/17/2007 11:06:24 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\atl71.pdb -> [Ver = | Size = 2052096 bytes | Modified Date = 3/18/2003 11:05:48 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PTech , -> %System32%\LegitCheckControl.dll -> Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Modified Date = 7/12/2005 7:04:22 PM | Attr = ]
PEC2 , -> %System32%\MFC42.PDB -> [Ver = | Size = 8015872 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFC42D.PDB -> [Ver = | Size = 3944448 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFC42U.PDB -> [Ver = | Size = 7991296 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFC42UD.PDB -> [Ver = | Size = 3952640 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\mfc71.pdb -> [Ver = | Size = 10357760 bytes | Modified Date = 3/19/2003 1:20:00 AM | Attr = ]
PEC2 , -> %System32%\MFC71d.pdb -> [Ver = | Size = 8252416 bytes | Modified Date = 3/19/2003 12:28:40 AM | Attr = ]
PEC2 , -> %System32%\mfc71u.pdb -> [Ver = | Size = 10333184 bytes | Modified Date = 3/19/2003 1:12:12 AM | Attr = ]
PEC2 , -> %System32%\mfc71ud.pdb -> [Ver = | Size = 8293376 bytes | Modified Date = 3/19/2003 12:31:58 AM | Attr = ]
PEC2 , -> %System32%\MFCD42D.PDB -> [Ver = | Size = 2052096 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFCD42UD.PDB -> [Ver = | Size = 2068480 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFCN42D.PDB -> [Ver = | Size = 1454080 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFCN42UD.PDB -> [Ver = | Size = 1462272 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFCO42D.PDB -> [Ver = | Size = 4395008 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
PEC2 , -> %System32%\MFCO42UD.PDB -> [Ver = | Size = 4435968 bytes | Modified Date = 6/17/1998 1:00:00 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]

< End of report >

#14 sjpritch25

Posted 20 April 2007 - 12:28 PM

Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Microsoft MVP Consumer Security--2007-2010

#15 looney2340

Posted 21 April 2007 - 05:14 PM

Here is the log from Panda software. I noticed many things were found, but not everything was disinfected....




Incident Status Location

Virus:JS/Downloader.NOE Disinfected C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-52dfbbca.zip[Dex.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@drivecleaner[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@stats1.reliablestats[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@systemdoctor[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@www.drivecleaner[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
Virus:Trj/Metanu.A Disinfected C:\Documents and Settings\Administrator\Desktop\hijackthis\backups\backup-20070404-233745-238.dll
Virus:Trj/Agent.CHF Disinfected C:\Documents and Settings\Administrator\Desktop\WinPFind3u\MovedFiles\WINDOWS\SYSTEM32\pmkllkk.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Administrator\Desktop\WinPFind3u\MovedFiles\WINDOWS\yaaxxv.dll
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\NoadwareBkupTemp\administrator@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\NoadwareBkupTemp\administrator@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\NoadwareBkupTemp\administrator@dist.belnk[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\NoadwareBkupTemp\administrator@stats1.reliablestats[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\NoadwareBkupTemp\administrator@systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\NoadwareBkupTemp\administrator@winantivirus[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\NoadwareBkupTemp\administrator@yadro[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Hank\Cookies\hank@atwola[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Hank\Cookies\hank@cgi-bin[1].txt
Adware:Adware/Borlander Not disinfected C:\Program Files\America Online 9.0\download\oe.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1275OinUninstaller.exe
Virus:Trj/Metanu.A Disinfected C:\QooBox\Quarantine\WINDOWS\system32\tmp343.tmp.dll.vir
Potentially unwanted tool:Application/FunWeb Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\bar\1.bin\F3CJPEG.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\bar\1.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\bar\1.bin\F3PSSAVR.SCR
Potentially unwanted tool:Application/FunWeb Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\bar\1.bin\F3REPROX.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\bar\1.bin\F3RESTUB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\bar\1.bin\F3WPHOOK.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\bar\1.bin\M3SKIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\bar\1.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\bar\Game\CHECKERS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\bar\Game\CHESS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\bar\Game\REVERSI.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc3\SrchAstt\1.bin\MWSSRCAS.DLL
Potentially unwanted tool:Application/Need2Find Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc7\bar\1.bin\N2PLUGIN.DLL
Potentially unwanted tool:Application/Need2Find Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc7\bar\1.bin\ND2FNBAR.DLL
Potentially unwanted tool:Application/Need2Find Not disinfected C:\RECYCLER\S-1-5-21-682003330-813497703-842925246-1003\Dc7\bar\1.bin\NPND2FN.DLL
Adware:adware/adroar Not disinfected C:\WINDOWS\artmmp.ini
Adware:adware/keenvalue Not disinfected C:\WINDOWS\system32\drivers\etc\hosts.bho
Potentially unwanted tool:Application/PassRock Not disinfected D:\LAPTOP\ms product key tool\keyfinder.exe
