
Hacktool:Exploit/iFrame

Discussion in 'Virus & Other Malware Removal' started by morpheus63, Aug 24, 2007.

  1. morpheus63

    morpheus63 Thread Starter

    Joined:
    Apr 13, 2007
    Messages:
    68
    Hi Guys,

    I've been suspecting that someone or something has hacked my computer, so I did a system scan with Panda ActiveScan and this has confirmed my suspicions. It seems these files are located in Outlook 2000.

    I've been suspicious about this for a few weeks, but last night some of my clients were receiving email failed notices when trying to send me emails - one of them asked if I was using a BlackBerry phone and whether my emails were being redirected to this phone, to which I answered "no". Therefore it appears that whatever hacker tool is lurking in Outlook could be redirecting my emails to someone else. This is only my assumption and I would like someone to confirm if this is in fact correct.

    Can someone help to remove all the hacking tools in Outlook 2000, and also the spyware that ActiveScan has picked up?

    I have attached the results of activescan and also a hijackthis log file. Both are attached in notepad.

    Thanks.

    Kind Regards,
    Brian
     


  2. morpheus63

    morpheus63 Thread Starter

    Joined:
    Apr 13, 2007
    Messages:
    68
    Hi,

    Just while I'm waiting for a response to this post I thought I'd update you so you have more information to better help me.

    It seems that the email diversion I mentioned in my previous post is in fact incorrect - it seems the problem is my service provider. However, my system has been extremely slow and I feel there is a problem, which is highlighted in the ActiveScan log file.

    I would like someone to look at the attached log files and help me to remove the spyware, hacking tools and adware that seems to be causing these problems.

    I have removed the 3 emails which were classed as Hacktool:Exploit/iFrame, however all 3 emails had no information in the body of the email - it was blank. I'm not sure what this means but I thought I'd mention it anyway.

    I look forward to hearing from someone.

    Thanks,
    Brian
     
  3. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Hi morpheus63

    The hacking tools were disinfected, so they were deleted by the Panda online scanner.

    You have received some infected emails that should be deleted from your computer.
    Please perform these instructions to get rid of them: (If you had not done so)
    1. Close all programs so that you have nothing open and are at the Desktop.
    2. Launch your email application.
    3. Look through the list of emails in your Inbox and delete all those that appear to be Mail Delivery failure or similar.
    4. Empty your Deleted Items folder.

    Please do not Attach logs, it's harder to read this way.:)

    Download and install AVG Anti-Spyware v7.5
    • After download, double click on the file to launch the install process.
    • Choose a language, click "OK" and then click "Next".
    • Read the "License Agreement" and click "I Agree".
    • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
    • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update".
      Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
    • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
    Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

    Scan with AVG Anti-Spyware as follows:
    • Click on the "Scanner" button and choose the "Settings" tab.
    • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
    • Under "Reports" select "Do not automatically generate reports".
    • Click the "Scan" tab to return to scanning options.
    • Click "Complete System Scan" to start.
    • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
    • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
    IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
    • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    • Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
    Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

    AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.

    In your next reply, please include these log(s):

    * AVG Anti-Spyware report
    * HijackThis log (new)
     
  4. morpheus63

    morpheus63 Thread Starter

    Joined:
    Apr 13, 2007
    Messages:
    68
    Hi Kenny94,

    Thanks for your response.:)

    Just to clarify that the hacking tools could not have been deleted by Panda Online Scanner because it states next to each item "not disinfected".

    I wasn't able to run AVG Anti-Spyware in Safe Mode because I could not find the icon in this mode even after following your instructions - so I had to run it in normal mode.

    I have attached a log file for both AVG Anti-Spyware and HijackThis as you requested.

    Thanks

    Kind Regards,
    Brian
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:46:33 PM 10/09/2007

    + Scan result:



    :mozilla.64:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.66:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.69:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.109:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.110:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.111:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.112:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.39:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.40:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.41:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.42:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.43:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.65:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.67:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.68:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.70:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.58:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.59:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.103:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.104:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.105:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.106:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.107:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.108:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.29:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.30:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.31:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.32:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.33:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.34:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.35:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.36:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.37:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.78:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.79:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.80:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.81:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.82:C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    Logfile of HijackThis v1.99.1
    Scan saved at 10:52:46 PM, on 10/09/2007
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZONELABS\vsmon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\WINNT\System32\mgabg.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\PDesk\PDesk.exe
    C:\WINNT\soundman.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Evidence Eliminator\ee.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\pdaBusiness\Qlock\Qlock.exe
    C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\WINNT\System32\svchost.exe
    D:\Setup Software\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cable.optusnet.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\MSN Messenger\msnmsgr.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles/fjfe8quz.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
    O4 - Startup: Shortcut to Fax.lnk = ?
    O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Qlock.lnk = C:\Program Files\pdaBusiness\Qlock\Qlock.exe
    O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted IP range: 206.161.125.149 (HKLM)
    O16 - DPF: BGL WebBanking - https://ebanking.bgl.lu/classes/dubgl.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {11A724DE-E7C8-1759-23F1-5D20243861E5} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {297CD482-9C4E-32BC-87F5-384B5DEC8306} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3C77EFAC-7667-4A9A-2533-0A47481A754F} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {3E18C866-5E9F-25B7-96A5-728D2F42EC79} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {453EFBEE-46D5-2272-70A7-3FD45CF69BD6} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {512ED6BC-ECB1-1B3C-26F9-78005CB5CF13} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {58116E9D-4952-2A46-EAED-1B1677A6C564} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {59D22F56-F3CC-465F-2F5E-3EA33E388832} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123032575281
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {6BCB8C39-E119-6580-BDB7-62C500FE06A9} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {708D93A6-A816-755E-606A-0DEC67D98B85} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {781D5EA7-BD54-6323-F47B-53A559038A5D} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {7A1AF77F-6743-4938-96E3-09D25EAB9EA2} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {7EBC6081-586C-6492-E962-783562E03B4D} - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://sunshinecoast.worldtourism.com.au/Shearwater/virtual/svideo3.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} - http://www.tradeexit.com/Config.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FDF08AD8-FF1A-11D3-AD38-00105A49098D} (MSSignData Control) - https://www.rbworld.lv/bankworld/en/external/Applets/MSSignData.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
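    One way to triage the O16 (DPF) and O15 entries in a HijackThis log like the one above, as an added example in Python that is not part of this thread or of HijackThis itself; the sample lines are constructed from the log format shown above, and the flagging rules are assumptions about what merits a closer look by the helper, not a verdict on any entry:

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis line format shown in the log above:
# one well-known control, two nameless DPF entries that share a download URL,
# one DPF entry with no URL at all, one Trusted IP range and one ordinary O4 line.
SAMPLE_LOG = """\
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123032575281
O16 - DPF: {11A724DE-E7C8-1759-23F1-5D20243861E5} - http://64.237.41.215/1/rdgAU409.exe
O16 - DPF: {297CD482-9C4E-32BC-87F5-384B5DEC8306} - http://64.237.41.215/1/rdgAU409.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O4 - HKLM\\..\\Run: [SoundMan] soundman.exe
"""

# "O16 - DPF: {CLSID} (optional friendly name) - <url or nothing>"
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? -\s*(\S*)$")
# "O15 - Trusted Zone: host" or "O15 - Trusted IP range: a.b.c.d (hive)"
O15_RE = re.compile(r"^O15 - Trusted (?:Zone|IP range): (\S+)")
# A download source that is a bare IPv4 address rather than a hostname.
BARE_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")


def parse_o16(line):
    """Split one O16 line into its CLSID, optional name and URL; None if not an O16 line."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    clsid, name, url = m.groups()
    return {"clsid": clsid.upper(), "name": name, "url": url}


def assess_o16(entry):
    """Return the list of reasons (possibly empty) an O16 entry deserves a closer look."""
    reasons = []
    url = entry["url"]
    if not url:
        # HijackThis shows nothing after the dash: an orphaned DPF entry.
        reasons.append("no download URL recorded (orphaned DPF entry)")
        return reasons
    if BARE_IP_URL.match(url):
        reasons.append("download source is a bare IP address, not a vendor hostname")
    if url.lower().endswith(".exe"):
        reasons.append("DPF target is an .exe rather than a signed .cab/.ocx package")
    return reasons


def triage(log_text):
    """Walk a HijackThis log and return (line_or_url, reasons) pairs worth reviewing.

    The O16 and O15 checks above are per line; a final pass flags one download
    URL registered under several different CLSIDs, the pattern visible in the
    log above (assumed heuristic, not a HijackThis rule).
    """
    findings = []
    clsids_by_url = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_o16(line)
        if entry:
            if entry["url"]:
                clsids_by_url[entry["url"]].add(entry["clsid"])
            reasons = assess_o16(entry)
            if reasons:
                findings.append((line, reasons))
            continue
        if O15_RE.match(line):
            findings.append((line, ["Trusted Zone / IP range entry: confirm it was added deliberately"]))
    for url, clsids in clsids_by_url.items():
        if len(clsids) > 1:
            findings.append((url, [f"{len(clsids)} distinct CLSIDs share one download URL"]))
    return findings


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print(item)
        for r in reasons:
            print("   ->", r)
```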
     
  5. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Hi morpheus63

    Yeah! I see now.. I'm on my home computer now, that Panda online scanner said "not disinfected" ....:eek:

    Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC's (family PC's) present a different problem; please tell me if your PC has more than one individual's setting, but continue with the fix.


    Let's play it safe and download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and allow it to run the express scan.
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

    In your next reply, please include these log(s):

    Dr.Web Cureit.
    Deckard's System Scanner contents
     
  6. morpheus63

    morpheus63 Thread Starter

    Joined:
    Apr 13, 2007
    Messages:
    68
    Hi Kenny94,

    I do have Administrator rights but I logged into my main identity to use Safe Mode on this occasion. This PC is only used by myself under the main identity. I never use the Administrator identity to work from, only my main identity.

    Dr.Web CureIt scan produced no results, therefore no report was generated.

    The 2 reports from DSS are below as requested. I will need to create 2 posts because there are too many characters for one post. The main.txt is below and the extra.txt will be in the 2nd post.

    Thanks again.

    Kind Regards,
    Brian

    Deckard's System Scanner v20070905.67
    Run by Brian on 2007-09-12 08:07:55
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Backed up registry hives.
    Performed disk cleanup.

    Percentage of Memory in Use: 85% (more than 75%).


    -- HijackThis (run as Brian.exe) -----------------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-09-12 08:08:41
    Platform: Windows 2000 Service Pack 3 (5.00.2195)
    MSIE: Internet Explorer (6.00.2800.1106)

    Running processes:
    C:\WINNT\system32\SMSS.EXE
    C:\WINNT\system32\WINLOGON.EXE
    C:\WINNT\system32\SERVICES.EXE
    C:\WINNT\system32\LSASS.EXE
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
    C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\WINNT\system32\mgabg.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\tcpsvcs.exe
    C:\WINNT\system32\snmp.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\wbem\WinMgmt.exe
    C:\WINNT\system32\MsPMSPSv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\inetsrv\inetinfo.exe
    C:\WINNT\explorer.exe
    C:\WINNT\system32\PDesk\pdesk.exe
    C:\WINNT\soundman.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Evidence Eliminator\Ee.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINNT\system32\CTFMON.EXE
    C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Common Files\efax\Dllcmd32.exe
    C:\Program Files\Common Files\efax\HotTray.exe
    C:\Program Files\pdaBusiness\Qlock\Qlock.exe
    C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Free\avgw.exe
    C:\Documents and Settings\brian.PENTIUM4\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cable.optusnet.com.au/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://ie.search.msn.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] soundman.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [LoadQM] loadqm.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [POINTER] point32.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\MSN Messenger\msnmsgr.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles/fjfe8quz.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
    O4 - Startup: Shortcut to Fax.lnk =
    O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\EspMain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
    O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
    O4 - Global Startup: Qlock.lnk = C:\Program Files\pdaBusiness\Qlock\Qlock.exe
    O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O10 - Unknown file in Winsock LSP: C:\WINNT\system32\winrnr.dll
    O15 - Trusted Zone: *.*.windowsupdate.microsoft.com (HKCU)
    O15 - Trusted Zone: https://*.update.microsoft.com (HKCU)
    O15 - Trusted Zone: https://download.windowsupdate.com (HKCU)
    O15 - Trusted IP Range: 206.161.125.149 (HKEY_LOCAL_MACHINE)
    O16 - DPF: BGL WebBanking () - https://ebanking.bgl.lu/classes/dubgl.cab
    O16 - DPF: Yahoo! Chat () - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/voxacm.CAB
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11A724DE-E7C8-1759-23F1-5D20243861E5} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {297CD482-9C4E-32BC-87F5-384B5DEC8306} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
    O16 - DPF: {3C77EFAC-7667-4A9A-2533-0A47481A754F} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {3E18C866-5E9F-25B7-96A5-728D2F42EC79} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    O16 - DPF: {453EFBEE-46D5-2272-70A7-3FD45CF69BD6} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {512ED6BC-ECB1-1B3C-26F9-78005CB5CF13} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {58116E9D-4952-2A46-EAED-1B1677A6C564} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {59D22F56-F3CC-465F-2F5E-3EA33E388832} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123032575281
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {6BCB8C39-E119-6580-BDB7-62C500FE06A9} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {708D93A6-A816-755E-606A-0DEC67D98B85} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {781D5EA7-BD54-6323-F47B-53A559038A5D} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {7A1AF77F-6743-4938-96E3-09D25EAB9EA2} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {7EBC6081-586C-6492-E962-783562E03B4D} () - http://64.237.41.215/1/rdgAU409.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37897.7801388889
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) - http://java.sun.com/products/plugin/autodl/jinstall-1_4_2-windows-i586.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://sunshinecoast.worldtourism.com.au/Shearwater/virtual/svideo3.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} () - http://www.tradeexit.com/Config.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O16 - DPF: {FDF08AD8-FF1A-11D3-AD38-00105A49098D} (MSSignData Control) - https://www.rbworld.lv/bankworld/en/external/Applets/MSSignData.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: sclgntfy - C:\WINNT\system32\sclgntfy.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe


    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 ousbehci (NEC PCI to USB Enhanced Host Controller) - c:\winnt\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
    R2 Sentinel - c:\winnt\system32\drivers\sentinel.sys
    R3 G550DH - c:\winnt\system32\drivers\g550dhm.sys <Not Verified; Matrox Graphics Inc.; Matrox G550DH Miniport Driver>
    R3 ousb2hub (OrangeWare USB 2.0 Root Hub Support) - c:\winnt\system32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>
    R3 WinDriver (WinDriver kernel module) - c:\winnt\system32\drivers\windrvr.sys <Not Verified; Jungo; WinDriver Device Driver>

    S3 ichaud (Service for AC'97 Driver (WDM)) - c:\winnt\system32\drivers\ichaud.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    S3 UtilNT - c:\winnt\system32\drivers\utilnt.sys <Not Verified; Matrox Graphics Inc.; Matrox Graphics Inc. UtilNt>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Iprip (RIP Listener) - c:\winnt\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    R2 MGABGEXE - c:\winnt\system32\mgabg.exe <Not Verified; Matrox Graphics Inc.; Matrox Graphics Inc. MGABG>
    R2 SimpTcp (Simple TCP/IP Services) - c:\winnt\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>

    S3 LPDSVC (TCP/IP Print Server) - c:\winnt\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2003-09-29 10:28:32 390 --a------ C:\WINNT\Tasks\{B4F7C33D-C938-44E0-AEC3-FC86B6031AE5}_PENTIUM4_Brian.job
    2003-09-29 10:28:32 390 --a------ C:\WINNT\Tasks\{A8568C7B-F922-433E-B6A1-5D16074C2EFE}_PENTIUM4_Brian.job
    2003-09-29 10:28:32 390 --a------ C:\WINNT\Tasks\{1CF3BEC5-7FAE-4661-93DD-15B82C03A4D1}_PENTIUM4_Brian.job
    2003-09-29 10:25:56 390 --a------ C:\WINNT\Tasks\{6AB86C6E-3C53-4EB8-BE58-F74521F9D5C9}_PENTIUM4_Brian.job
    2003-09-29 10:25:56 390 --a------ C:\WINNT\Tasks\{67D64908-BDC5-40C7-93C1-0C86D33D116F}_PENTIUM4_Brian.job
    2003-09-29 10:25:56 390 --a------ C:\WINNT\Tasks\{0BE2E5BF-80C6-47F9-B263-B9898B64ECD1}_PENTIUM4_Brian.job
    2003-09-29 10:25:20 390 --a------ C:\WINNT\Tasks\{EF52F857-561A-4EC1-BC54-2237AAE0987A}_PENTIUM4_Brian.job
    2003-09-29 10:25:20 390 --a------ C:\WINNT\Tasks\{85400A5E-9476-4F30-B0E9-F5E949BBAE3F}_PENTIUM4_Brian.job
    2003-09-29 10:25:20 390 --a------ C:\WINNT\Tasks\{59F5F76B-27C1-4B80-8ED5-1517B1F6A84F}_PENTIUM4_Brian.job
    2003-08-22 13:36:20 390 --a------ C:\WINNT\Tasks\{FA426FDA-4D3E-4184-9D8D-0FBF9E3F058C}_PENTIUM4_Brian.job
    2003-08-22 13:36:20 390 --a------ C:\WINNT\Tasks\{F826C570-7D68-4288-9C65-54D7FB3055B2}_PENTIUM4_Brian.job
    2003-08-22 13:36:20 390 --a------ C:\WINNT\Tasks\{BCAA8661-60D9-49B1-8EEC-667B6E57DC1B}_PENTIUM4_Brian.job


    -- Files created between 2007-08-12 and 2007-09-12 -----------------------------

    2007-09-11 13:11:47 0 d-------- C:\Documents and Settings\brian.PENTIUM4\DoctorWeb
    2007-09-11 08:14:56 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3fc.dat
    2007-09-11 08:14:39 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_718.dat
    2007-09-11 08:11:29 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3b4.dat
    2007-09-10 23:09:10 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_3d0.dat
    2007-09-10 21:44:29 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_3b0.dat
    2007-09-10 16:47:39 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_3a0.dat
    2007-09-10 16:45:12 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_548.dat
    2007-09-10 16:25:23 0 d-------- C:\Documents and Settings\brian.PENTIUM4\Application Data\Grisoft
    2007-09-07 14:46:04 0 d-------- C:\FOUND.029
    2007-09-05 15:00:06 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_8f8.dat
    2007-09-04 07:59:24 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_3e8.dat
    2007-09-04 07:54:11 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_39c.dat
    2007-09-03 14:49:13 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_3ac.dat
    2007-08-26 18:32:08 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_37c.dat
    2007-08-25 09:04:10 0 d-------- C:\WINNT\system32\ActiveScan
    2007-08-25 00:23:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-08-25 00:23:47 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-08-25 00:23:47 0 d-------- C:\Documents and Settings\brian.PENTIUM4\Application Data\SUPERAntiSpyware.com
    2007-08-24 10:55:08 8 --a------ C:\WINNT\sess_422014349b4ed3f9b3ddc055240759fc
    2007-08-24 10:20:56 8 --a------ C:\WINNT\sess_68ec20e8c236b94855fc81b9a8681319
    2007-08-23 22:09:41 8 --a------ C:\WINNT\sess_106e7e0b9408be5e15b4d5b16f7bc75d
    2007-08-23 13:33:20 8 --a------ C:\WINNT\sess_a417cd28f768ebe812ff9b17681ece2d
    2007-08-23 09:07:35 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_3bc.dat
    2007-08-22 12:44:37 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_370.dat
    2007-08-22 00:36:19 8 --a------ C:\WINNT\sess_f43b7eca6df2fa07a2483272683f60e9
    2007-08-21 22:52:58 8 --a------ C:\WINNT\sess_5699f5371f2f1bead1455c65d0b13deb
    2007-08-21 13:50:13 0 d-------- C:\Program Files\Instant Niche Site Builder
    2007-08-18 09:12:18 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_3a8.dat
    2007-08-17 16:26:49 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_38c.dat
    2007-08-17 11:20:44 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_374.dat
    2007-08-15 20:50:16 0 d-------- C:\Program Files\Common Files\Skype
    2007-08-13 13:29:45 8 --a------ C:\WINNT\sess_31c2c95a845c1bbb89caea1b88658f30


    -- Find3M Report ---------------------------------------------------------------

    2007-09-11 19:19:06 4212 ---h----- C:\WINNT\system32\zllictbl.dat
    2007-08-15 09:24:04 926950 ---h----- C:\WINNT\ShellIconCache
    2007-08-01 23:54:08 8 --a------ C:\WINNT\sess_d8bf9b9d124d117e4564aad1152a31a0
    2007-07-28 00:12:34 8 --a------ C:\WINNT\sess_dbdcf7ceef86718807ee494a9fe02060
    2007-07-25 13:45:24 8 --a------ C:\WINNT\sess_0ba0e0e5412a06a30f3bde43024cf90f
    2007-07-15 09:16:08 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_384.dat
    2007-07-15 00:23:14 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_36c.dat
    2007-07-03 12:07:32 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_390.dat
    2007-06-27 17:29:24 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_3c4.dat
    2007-06-26 09:49:50 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_380.dat
    2007-06-25 13:00:40 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_3c0.dat
    2007-06-23 18:52:48 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_368.dat
    2007-06-23 18:39:52 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_3b8.dat
    2007-06-23 17:52:10 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_2b4.dat
    2007-06-23 17:49:16 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_4a8.dat
    2007-06-23 17:36:12 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_4bc.dat
    2007-06-23 17:24:56 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_32c.dat
    2007-06-23 17:04:08 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_4c0.dat
    2007-06-23 17:01:52 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_324.dat
    2007-06-23 16:55:58 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_2e0.dat
    2007-06-23 16:52:06 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_2cc.dat
    2007-06-23 16:50:20 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_2c4.dat
    2007-06-23 16:48:32 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_2d8.dat
    2007-06-23 16:20:30 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_2bc.dat
    2007-06-23 15:42:56 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_2d4.dat
    2007-06-23 15:39:28 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_200.dat
    2007-06-23 14:50:32 512 --a------ C:\ScanSectorLog.dat
    2007-06-21 21:33:38 16384 --a------ C:\WINNT\system32\Perflib_Perfdata_308.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [07/12/99 12:00p C:\WINNT\system32\mobsync.exe]
    "Matrox Powerdesk"="C:\WINNT\System32\PDesk\PDesk.exe" [14/02/02 02:22p]
    "SoundMan"="soundman.exe" [29/05/01 07:02p C:\WINNT\soundman.exe]
    "LoadQM"="loadqm.exe" [03/05/00 05:23p C:\WINNT\loadqm.exe]
    "POINTER"="point32.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [09/11/06 03:07p]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [19/09/04 05:24p]
    "NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [09/07/01 10:50a]
    "NWEReboot"="" []
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/05 11:46p]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [17/08/07 09:42a]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [14/06/06 04:24p]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/04 11:10a]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/09/06 06:33p]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/03/07 12:02a]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/07 07:25p]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Evidence Eliminator"="C:\Program Files\Evidence Eliminator\ee.exe" [28/11/03 03:01p]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [19/08/05 07:34p]
    "MSMSGS"="C:\Program Files\MSN Messenger\msnmsgr.exe" [14/06/05 10:05a]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [14/06/05 10:05a]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [23/04/03 08:43a]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [06/08/07 12:43p]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/05/05 01:04a]
    "ctfmon.exe"="ctfmon.exe" [20/02/01 01:09p C:\WINNT\system32\CTFMON.EXE]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "FFTI"=C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles/fjfe8quz.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"




    -- End of Deckard's System Scanner: finished at 2007-09-12 08:13:18 ------------
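The HijackThis section of the log above is the part a responder reads first, and two patterns in it stand out on inspection: a run of O16 DPF entries that all point at the same raw `.exe` on a bare IP address under different CLSIDs, plus an O15 trusted IP range and an unknown Winsock LSP module. The script below is an added example, not part of the original post and not code from Deckard's System Scanner or HijackThis. It parses O16/O15/O10 lines and flags those patterns so they are not lost in a 200-line log; `SAMPLE_LOG` is a constructed excerpt that reuses lines from the posted log, and the severity labels, the `clsid_threshold` default and the function names are this example's own choices.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the
original forum post or of DSS/HijackThis).

It parses O16 (DPF / ActiveX download), O15 (Trusted IP Range) and O10
(Winsock LSP) lines and flags the patterns a responder looks at first:

  * an O16 download target that is an executable rather than a .cab
  * an O16 host that is a bare IP address rather than a hostname
  * one download URL registered under several different CLSIDs
  * any O15 trusted IP range and any unrecognised O10 Winsock LSP module

SAMPLE_LOG is a constructed excerpt that reuses lines from the posted log.
"""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlparse

O16_RE = re.compile(r"^O16 - DPF: (?P<id>.+?) \((?P<desc>.*?)\) - (?P<url>\S+)$")
O15_RE = re.compile(r"^O15 - Trusted IP Range: (?P<range>\S+)")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")

# Executable suffixes that should never appear as a DPF download target.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".pif")

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = """\
O10 - Unknown file in Winsock LSP: C:\\WINNT\\system32\\winrnr.dll
O15 - Trusted Zone: https://*.update.microsoft.com (HKCU)
O15 - Trusted IP Range: 206.161.125.149 (HKEY_LOCAL_MACHINE)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11A724DE-E7C8-1759-23F1-5D20243861E5} () - http://64.237.41.215/1/rdgAU409.exe
O16 - DPF: {297CD482-9C4E-32BC-87F5-384B5DEC8306} () - http://64.237.41.215/1/rdgAU409.exe
O16 - DPF: {3C77EFAC-7667-4A9A-2533-0A47481A754F} () - http://64.237.41.215/1/rdgAU409.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123032575281
"""


def _is_bare_ip(host):
    """True when the URL host is a literal IPv4/IPv6 address, not a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_log(text):
    """Return (section, fields) tuples for the O16/O15/O10 lines in the log."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for section, pattern in (("O16", O16_RE), ("O15", O15_RE), ("O10", O10_RE)):
            m = pattern.match(line)
            if m:
                entries.append((section, m.groupdict()))
                break
    return entries


def triage(text, clsid_threshold=2):
    """Return a sorted, de-duplicated list of (severity, reason, evidence)."""
    findings = set()
    ids_by_url = defaultdict(list)
    for section, e in parse_log(text):
        if section == "O16":
            url = e["url"]
            parsed = urlparse(url)
            ids_by_url[url].append(e["id"])
            if parsed.path.lower().endswith(EXECUTABLE_SUFFIXES):
                findings.add(("high", "DPF download target is an executable, not a .cab", url))
            if _is_bare_ip(parsed.hostname or ""):
                findings.add(("medium", "DPF host is a bare IP address", url))
        elif section == "O15":
            findings.add(("medium", "Trusted IP range added to IE security zones", e["range"]))
        elif section == "O10":
            findings.add(("medium", "Unrecognised Winsock LSP module", e["path"]))
    # The same URL registered under many CLSIDs is a sign the entries were not
    # written by one legitimate installer.
    for url, ids in ids_by_url.items():
        if len(ids) >= clsid_threshold:
            findings.add(("high", f"same download URL registered under {len(ids)} CLSIDs", url))
    return sorted(findings)


if __name__ == "__main__":
    for severity, reason, evidence in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}: {evidence}")
```

Running it against the constructed excerpt reports the IP-hosted executable twice (executable target, bare IP host), the three CLSIDs sharing that URL, the trusted IP range and the LSP module, and stays silent on the QuickTime and Windows Update entries. The threshold and severities are heuristics for prioritising a manual review, not a verdict on any individual entry.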
     
  7. morpheus63

    morpheus63 Thread Starter

    Joined:
    Apr 13, 2007
    Messages:
    68
    Deckard's System Scanner v20070905.67
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows 2000 Professional (build 2195) SP 3.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 1.80GHz
    Percentage of Memory in Use: 91%
    Physical Memory (total/avail): 511.48 MiB / 44.64 MiB
    Pagefile Memory (total/avail): 1245.95 MiB / 663.13 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1983.34 MiB

    A: is Removable (No Media)
    C: is Fixed (FAT32) - 37.26 GiB total, 15.26 GiB free.
    D: is Fixed (FAT32) - 37.26 GiB total, 0.81 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD400BB-32CAA0 - 37.27 GiB - 1 partition
    \PARTITION0 (bootable) - Unknown - 37.27 GiB - C:

    \\.\PHYSICALDRIVE1 - WDC WD400BB-32CLB0 - 37.27 GiB - 1 partition
    \PARTITION0 - Unknown - 37.27 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\brian.PENTIUM4\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=PENTIUM4
    ComSpec=C:\WINNT\system32\cmd.exe
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\brian.PENTIUM4
    LOGONSERVER=\\PENTIUM4
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Os2LibPath=C:\WINNT\system32\os2\dll;
    Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;;;;;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0204
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
    SystemDrive=C:
    SystemRoot=C:\WINNT
    TEMP=C:\DOCUME~1\BRIAN~1.PEN\LOCALS~1\Temp
    TMP=C:\DOCUME~1\BRIAN~1.PEN\LOCALS~1\Temp
    tvdumpflags=8
    USERDOMAIN=PENTIUM4
    USERNAME=Brian
    USERPROFILE=C:\Documents and Settings\brian.PENTIUM4
    windir=C:\WINNT


    -- User Profiles ---------------------------------------------------------------

    brian (new local)
    brian.PENTIUM4 (admin)
    Eagles (new local)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
    --> C:\WINNT\UNNeroVision.exe /UNINSTALL
    --> C:\WINNT\UNNMP.exe /UNINSTALL
    --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    3D Studio MAX R3 --> C:\WINNT\uninst.exe -fC:\3DSMAX3\DeIsL2.isu
    Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\INSTALL.LOG
    Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Acrobat Reader for Pocket PC 1.0 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Microsoft ActiveSync\Adobe\Uninst.isu" -c"C:\Program Files\Adobe\Acrobat Reader for Pocket PC\UnInstall.dll"
    Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Photoshop 7.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    Atomic Clock Sync --> C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
    AutoPilotRiches Companion --> MsiExec.exe /X{B824C1E6-29C6-4B9E-9B65-7548A011061D}
    Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
    Canon iP5200 --> C:\WINNT\system32\CNMCP79.exe "-PRINTERNAMECanon iP5200" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon iP5200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
    Canon PhotoRecord --> MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
    Canon Setup Utility 2.0 --> "C:\Program Files\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.0\uninst.ini
    Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
    Canon Utilities Easy-PrintToolBox --> C:\WINNT\BJPSUNST.EXE
    CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
    DivX Codec --> C:\WINNT\unvise32.exe C:\Program Files\DivX\DivX Codec\uninstal.log
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    Dynacrypt 5 --> MsiExec.exe /I{753E0BF0-C4F1-11D4-A3B0-0008C7794879}
    Easy-WebPrint --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
    eFax Messenger Plus --> C:\PROGRA~1\EFAXME~1\UNINST.EXE
    EPSON SMART PANEL for Scanner --> C:\WINNT\uninst.exe -f"C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\DeIsL1.isu"
    Evidence Eliminator --> C:\PROGRA~1\EVIDEN~1\UNWISE.EXE C:\PROGRA~1\EVIDEN~1\INSTALL.LOG
    Good Keywords v2.01.120706 --> "C:\Program Files\Softnik Technologies\Good Keywords v2.01\unins000.exe"
    GoToMeeting/GoToWebinar 3.0.0.190 --> C:\Program Files\Citrix\GoToMeeting\190\G2MUninstall.exe /uninstall
    GPL Ghostscript 8.50 --> c:\gs\uninstgs.exe "c:\gs\gs8.50\uninstal.txt"
    GPL Ghostscript Fonts --> c:\gs\uninstgs.exe "c:\gs\fonts\uninstal.txt"
    Hexagon Version 6.32 --> C:\WINNT\IsUninst.exe -fC:\HEX0632\Uninst.isu -cC:\HEX0632\PGM\UNINST.DLL
    HijackThis 1.99.1 --> D:\Setup Software\hijackthis\HijackThis.exe /uninstall
    HotTopicMediaQuizzMaker 1.08 --> "c:\HotTopicMediaQuizzMaker\unins000.exe"
    InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
    InterVideo WinDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
    iPresentation Mobile Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57902BBA-4E6B-4655-9130-D8D627AF298F}\Setup.exe" -l0x9
    iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
    J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
    Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
    Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    LeechFTP --> C:\WINNT\eraser.exe KILL "C:\Program Files\LeechFTP\uninstall.uif"
    Lemmings for Windows 95 --> C:\Program Files\WinLemm\wlvsun10.exe uninstall
    Macromedia Shockwave Player --> C:\WINNT\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~2\Install.log
    Manx TT SuperBike --> C:\WINNT\uninst.exe -fC:\Sega\ManxTT\DeIsL1.isu
    Matrox Graphics Software (remove only) --> C:\WINNT\System32\PDesk\PDUninst.exe
    Microsoft .NET Framework 2.0 --> C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft ActiveSync 3.7 --> "C:\WINNT\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
    Microsoft Data Access Components KB870669 --> C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
    Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
    Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
    Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
    Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Firefox (2.0.0.6) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
    MSN Messenger Update for Windows Mobile 2003 based Pocket PCs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CF56B6FC-F26B-4493-802B-2E5EA74DC775}
    Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
    OLYMPUS CAMEDIA Master 4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.2
    Package:GLOBAL ONE CHARTS --> C:\Program Files\GLOBAL ONE CHARTS\Uninst.exe
    Panda ActiveScan --> C:\WINNT\system32\ASUninst.exe Panda ActiveScan
    PrintKey2000 --> C:\PROGRA~1\PRINTK~1\UNWISE.EXE C:\PROGRA~1\PRINTK~1\INSTALL.LOG
    Qlock 1.44 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\pdaBusiness\Qlock\Uninst.isu"
    QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Registry Mechanic --> "C:\Program Files\Registry Mechanic\unins000.exe"
    Resource Center V1.3 --> MsiExec.exe /X{9C8EE3B8-30A0-49BB-A6ED-DF88200A17BA}
    Sentinel System Driver --> C:\WINNT\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
    Shockwave --> C:\WINNT\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~1\Install.log
    Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Skype™ for Pocket PC 2.0 --> "C:\Program Files\Microsoft ActiveSync\Skype for Pocket PC\unins000.exe"
    SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    Squeeze Page Generator --> C:\PROGRA~1\SQUEEZ~1\UNWISE.EXE C:\PROGRA~1\SQUEEZ~1\INSTALL.LOG
    Toolbar Software --> "C:\Program Files\IETB\unins000.exe"
    Turbo Lister 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
    Windows Media Player 9 Hotfix [See KB885492 for more information] --> C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
    Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    xp-AntiSpy (nur entfernen) --> "C:\Program Files\xp-AntiSpy\uninstall.exe"
    Yahoo! extras --> C:\PROGRA~1\YAHOO!\COMMON\unyext.exe
    Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
    ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type8203 / Warning
    Event Submitted/Written: 09/11/2007 08:12:40 AM
    Event ID/Source: 61 / WinMgmt
    Event Description:
    WMI ADAP was unable to process the RemoteAccess performance library due to a time violation in the open function

    Event Record #/Type8199 / Error
    Event Submitted/Written: 09/11/2007 00:22:38 AM
    Event ID/Source: 1000 / Userenv
    Event Description:
    Windows cannot unload your registry class file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

    DETAIL Access is denied. , Build number ((2195)).

    Event Record #/Type8198 / Warning
    Event Submitted/Written: 09/10/2007 11:36:20 PM
    Event ID/Source: 61 / WinMgmt
    Event Description:
    WMI ADAP was unable to process the RemoteAccess performance library due to a time violation in the open function

    Event Record #/Type8194 / Error
    Event Submitted/Written: 09/10/2007 11:32:30 PM
    Event ID/Source: 1000 / Userenv
    Event Description:
    Windows cannot unload your registry class file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

    DETAIL Access is denied. , Build number ((2195)).

    Event Record #/Type8193 / Warning
    Event Submitted/Written: 09/10/2007 11:10:26 PM
    Event ID/Source: 61 / WinMgmt
    Event Description:
    WMI ADAP was unable to process the RemoteAccess performance library due to a time violation in the open function



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type8898 / Error
    Event Submitted/Written: 09/11/2007 01:37:35 PM
    Event ID/Source: 1002 / Dhcp
    Event Description:
    The IP address lease 192.168.2.6 for the Network Card with network address 0010B50FAA43 has been
    denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    Event Record #/Type8896 / Error
    Event Submitted/Written: 09/11/2007 01:16:26 PM
    Event ID/Source: 1002 / Dhcp
    Event Description:
    The IP address lease 192.168.2.3 for the Network Card with network address 0010B50FAA43 has been
    denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    Event Record #/Type8892 / Warning
    Event Submitted/Written: 09/11/2007 08:16:08 AM
    Event ID/Source: 2013 / Srv
    Event Description:
    The D: disk is at or near capacity. You may need to delete some files.

    Event Record #/Type8891 / Error
    Event Submitted/Written: 09/11/2007 08:13:29 AM
    Event ID/Source: 7022 / Service Control Manager
    Event Description:
    The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.

    Event Record #/Type8884 / Warning
    Event Submitted/Written: 09/10/2007 11:39:38 PM
    Event ID/Source: 2013 / Srv
    Event Description:
    The D: disk is at or near capacity. You may need to delete some files.



    -- End of Deckard's System Scanner: finished at 2007-09-12 08:13:18 ------------
     
  8. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Hi morpheus63

    As of now I'm getting something verified, but for now please do the following:

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.

    No need to post a HijackThis log or a reply. I'll be back shortly..:)
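An added example, not code from the thread or from any of the tools it mentions: the installed-programs listing posted earlier ("Name --> UninstallString", one entry per line) already tells you how many Java runtimes are on the box. The script below reads lines in that format, recognises the three naming schemes Sun used, reports everything older than the newest installed runtime, and turns each Windows Installer entry into an unattended uninstall command. The sample lines are copied from the posted listing; the listing shows `MsiExec.exe /I{ProductCode}`, which is the install/repair switch, so removal uses `/x` with the same ProductCode (the `/qn` and `/norestart` switches are msiexec's documented quiet and no-reboot options).

```python
"""Find stale Java runtimes in an installed-programs listing.

Each listing line has the form  '<DisplayName> --> <UninstallString>'.
Windows Installer packages list 'MsiExec.exe /I{ProductCode}'; /I means
install/repair, so removal is 'msiexec /x {ProductCode}'.  Non-MSI entries
keep whatever uninstaller they list.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the Java lines from the posted listing plus two
# unrelated entries to show that they are ignored.
SAMPLE_LISTING = """\
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
WinZip --> "C:\\Program Files\\WinZip\\WINZIP32.EXE" /uninstall
"""

# An MSI ProductCode is a braced GUID: 32 hex digits plus 4 hyphens.
MSI_RE = re.compile(r"MsiExec\.exe\s+/[IX](\{[0-9A-Fa-f-]{36}\})", re.IGNORECASE)

Version = Tuple[int, int, int, int]  # (major, minor, micro, update)


def java_version(name: str) -> Optional[Version]:
    """Normalise Sun's three display-name schemes to one comparable tuple."""
    m = re.match(r"Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)(?:_(\d+))?", name)
    if m:  # 'SE v1.4.2_05' -> (1, 4, 2, 5)
        return (int(m[1]), int(m[2]), int(m[3]), int(m[4] or 0))
    m = re.match(r"J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?", name)
    if m:  # marketing name 'J2SE 5.0' is version 1.5.0
        return (1, int(m[1]), int(m[2]), int(m[3] or 0))
    m = re.match(r"Java\(TM\) SE Runtime Environment (\d+)(?: Update (\d+))?", name)
    if m:  # marketing name 'Java SE 6' is version 1.6.0
        return (1, int(m[1]), 0, int(m[2] or 0))
    return None


@dataclass
class Runtime:
    name: str
    version: Version
    uninstall: str
    product_code: Optional[str]  # set only for Windows Installer packages


def parse_listing(text: str) -> List[Runtime]:
    """Return every Java runtime found in a 'Name --> UninstallString' listing."""
    found = []
    for line in text.splitlines():
        if " --> " not in line:
            continue
        name, uninstall = (part.strip() for part in line.split(" --> ", 1))
        version = java_version(name)
        if version is None:
            continue  # not a Java runtime
        m = MSI_RE.search(uninstall)
        found.append(Runtime(name, version, uninstall, m[1] if m else None))
    return found


def stale_runtimes(runtimes: List[Runtime]) -> List[Runtime]:
    """Everything older than the newest installed runtime; each one is a
    separate, unpatched copy that a malicious page can still target."""
    newest = max(r.version for r in runtimes)
    return [r for r in runtimes if r.version < newest]


def uninstall_command(r: Runtime) -> str:
    """Unattended removal command: /x uninstalls, /qn suppresses the UI,
    /norestart defers the reboot until all versions are gone."""
    if r.product_code:
        return f"msiexec /x {r.product_code} /qn /norestart"
    return r.uninstall


if __name__ == "__main__":
    runtimes = parse_listing(SAMPLE_LISTING)
    print(f"{len(runtimes)} Java runtimes installed, newest {max(r.version for r in runtimes)}")
    for r in stale_runtimes(runtimes):
        print(f"stale: {r.name}\n       {uninstall_command(r)}")
```

The thread's advice is to remove every version and then install the current release; `stale_runtimes` is the narrower check that is useful on a machine you are only inventorying, and running the generated commands in order (oldest first) keeps the newest runtime in place until you decide to replace it.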
     
  9. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Posted Activescan for easy viewing

    Incident Status Location

    Spyware:spyware/betterinet Not disinfected c:\winnt\inf\BIINI.INF
    Adware:adware/ncase Not disinfected c:\winnt\DIDDUID.INI
    Adware:adware/cws.searchmeup Not disinfected c:\winnt\TOOLBAR.EXE
    Adware:adware/searchexe Not disinfected Windows Registry
    Adware:Adware/DNSErr Not disinfected C:\WINNT\DNSE.DLL
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.casalemedia.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.bs.serving-sys.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[ad.yieldmanager.com/]
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.clickbank.net/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.adrevolver.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.realmedia.com/]
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[www.myaffiliateprogram.com/]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected D:\Setup Software\ComboFix\ComboFix.exe[ComboFixT\nircmd.exe]
    Potentially unwanted tool:Application/BrilliantDigital Not disinfected D:\Old P3 15_01_2003\My Installations\BDCORE.DLL
    Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\Christmas List
    Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\Advice
    Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\RE: Members Training Members

    Your logs look good and you did remove the bad files/emails above. And there are no hacking tools (ActiveScan calls it this) or malware. How is your computer running now?
     
  10. morpheus63

    morpheus63 Thread Starter

    Joined:
    Apr 13, 2007
    Messages:
    68
    Hi Kenny94,

    I've completed the update for Java Runtime. All seems okay.

    The system also seems to be running okay however I'm concerned about the following spyware located by activescan.

    Can you explain why these are unable to be disinfected?

    I've removed the potentially harmful emails and most of the other items picked up by activescan are only cookies, but my main concern is the DLL, EXE, INF and INI file extensions as highlighted above.

    Thanks again.

    Kind Regards,
    Brian
     
  11. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Hi morpheus63

    ActiveScan will not remove some or most items these days. And ActiveScan has shown false positives. It mainly shows us files and so forth.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    You will need to enable hidden files and folders by doing the following:
    Windows XP

    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these Files (if present):

    c:\winnt\inf\BIINI.INF
    c:\winnt\DIDDUID.INI
    c:\winnt\TOOLBAR.EXE
    C:\WINNT\DNSE.DLL


    Reboot back to normal windows.
     
  12. morpheus63

    morpheus63 Thread Starter

    Joined:
    Apr 13, 2007
    Messages:
    68
    Hi Kenny94,

    I've deleted the items as suggested but I did not delete c:\winnt\TOOLBAR.EXE because this may be a tool bar that I've installed on IE. Can you please confirm that this is the case?

    However I'm unsure about this file: Adware:adware/searchexe - the Panda online scanner claims it's in the Windows registry. Can you explain what this does?

    I've included a copy of the current Panda online scan below for your perusal.

    Kind Regards,
    Brian



    Incident Status Location

    Adware:adware/cws.searchmeup Not disinfected c:\winnt\TOOLBAR.EXE
    Adware:adware/searchexe Not disinfected Windows Registry
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[ad.yieldmanager.com/]
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.errorsafe.com/]
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[www.errorsafe.com/]
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.errorsafe.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.casalemedia.com/]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.888.com/]
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.clickbank.net/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.com.com/]
    Spyware:Spyware/BetterInet Not disinfected C:\Recycled\Dc8.inf
    Adware:Adware/DNSErr Not disinfected C:\Recycled\Dc10.dll
    Potentially unwanted tool:Application/NirCmd.A Not disinfected D:\Setup Software\ComboFix\ComboFix.exe[ComboFixT\nircmd.exe]
    Potentially unwanted tool:Application/BrilliantDigital Not disinfected D:\Old P3 15_01_2003\My Installations\BDCORE.DLL
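An added example, not code from the thread or from Panda: ActiveScan, as both scans in this thread show, reports but does not remove, so the analyst has to decide what each "Not disinfected" line actually is. The script below parses lines in ActiveScan's "Incident Status Location" format and sorts them by what the location column says they are: a browser cookie, a message inside an Outlook store, a registry value, a file already in the Recycle Bin, a component packed inside another program, a loose file in the Windows directory, or a file on a data volume. The sample is constructed from the three mail detections in the first scan plus the whole second scan above; the bucket names and the advice strings are this example's own.

```python
"""Triage a Panda ActiveScan 'Incident  Status  Location' report.

The location column decides the response: a cookie is data, not code; a
'Personal Folders\\...' item lives inside the Outlook store and has no file
system path; 'Windows Registry' is a value, not a file; anything under
\\Recycled\\ is already deleted; a 'container.exe[inner]' hit is a component
packed inside another program; a loose file under the Windows directory is
the one case where manual removal of a file is the right answer.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the three Outlook detections from the first scan in
# this thread plus the complete second scan, in ActiveScan's own format.
SAMPLE_SCAN = r"""
Incident Status Location

Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\Christmas List
Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\Advice
Hacktool:Exploit/iFrame Not disinfected Personal Folders\Inbox\RE: Members Training Members
Adware:adware/cws.searchmeup Not disinfected c:\winnt\TOOLBAR.EXE
Adware:adware/searchexe Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[www.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.errorsafe.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.888.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.clickbank.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\brian.PENTIUM4\Application Data\Mozilla\Firefox\Profiles\fjfe8quz.default\COOKIES.TXT[.com.com/]
Spyware:Spyware/BetterInet Not disinfected C:\Recycled\Dc8.inf
Adware:Adware/DNSErr Not disinfected C:\Recycled\Dc10.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected D:\Setup Software\ComboFix\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected D:\Old P3 15_01_2003\My Installations\BDCORE.DLL
"""

# kind may contain spaces ('Potentially unwanted tool'); the detection name
# never does.  Only 'Not disinfected' appears in the posted logs; the \w+
# alternative accepts any other single-word status.
INCIDENT_RE = re.compile(
    r"^(?P<kind>[^:]+):(?P<name>\S+)\s+(?P<status>Not disinfected|\w+)\s+(?P<location>.+)$"
)

# Ordered from most to least actionable; this order drives the report.
BUCKET_ADVICE = {
    "mail_item": "message inside the Outlook store; delete it in Outlook and compact the PST, there is no file to remove",
    "system_dir": "loose file in the Windows directory; record its hash and copy it aside before removing it",
    "registry": "registry value, not a file; needs a registry fix, deleting files will not clear it",
    "inside_container": "component packed inside another program; judge the container (removal tools such as ComboFix legitimately bundle nircmd)",
    "other_file": "file on a data volume; find out what installed it before deciding",
    "recycle_bin": "already deleted; empty the Recycle Bin and the detection goes away",
    "tracking_cookie": "browser cookie, data not code; clear it from the browser",
}


@dataclass
class Incident:
    kind: str        # Panda's class: Spyware, Adware, Hacktool, Potentially unwanted tool
    name: str        # detection name, e.g. Cookie/Casalemedia, Exploit/iFrame
    status: str
    location: str
    bucket: str = ""


def classify(inc: Incident) -> str:
    """Bucket an incident by where ActiveScan says it found it."""
    loc = inc.location
    low = loc.lower()
    if inc.name.lower().startswith("cookie/"):
        return "tracking_cookie"
    if low.startswith("personal folders\\"):
        return "mail_item"
    if low == "windows registry":
        return "registry"
    if "\\recycled\\" in low or "\\recycler\\" in low:
        return "recycle_bin"
    if "[" in loc and loc.endswith("]"):      # 'outer.exe[inner file]'
        return "inside_container"
    if low.startswith(("c:\\winnt\\", "c:\\windows\\")):
        return "system_dir"
    return "other_file"


def parse_scan(text: str) -> List[Incident]:
    incidents = []
    for raw in text.splitlines():
        m = INCIDENT_RE.match(raw.strip())
        if not m:
            continue  # header, blank lines, anything else ActiveScan prints
        inc = Incident(**m.groupdict())
        inc.bucket = classify(inc)
        incidents.append(inc)
    return incidents


def triage(text: str) -> Dict[str, List[Incident]]:
    """All buckets, in report order, each with its incidents (possibly none)."""
    grouped: Dict[str, List[Incident]] = {b: [] for b in BUCKET_ADVICE}
    for inc in parse_scan(text):
        grouped[inc.bucket].append(inc)
    return grouped


def report(text: str) -> str:
    lines = []
    for bucket, items in triage(text).items():
        if not items:
            continue
        lines.append(f"{bucket} ({len(items)}): {BUCKET_ADVICE[bucket]}")
        lines.extend(f"  {inc.name:<28} {inc.location}" for inc in items)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_SCAN))
```

Run against the sample, the only line that calls for touching a file by hand is `c:\winnt\TOOLBAR.EXE`; the registry hit needs a different tool, the Recycle Bin entries are the two files deleted in the previous step, and the cookies are noise. Hash and copy aside anything you remove from the Windows directory so a false positive can be undone.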
     
  13. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Hi morpheus63

    You should remove it:

    http://www.pandasecurity.com/homeus...ware/encyclopedia/overview.aspx?idvirus=57329

    Again it's the same variant
    http://research.sunbelt-software.com/threatdisplay.aspx?name=SearchExe Hijacker&threatid=10900

    I really DO NOT like to run two scanners, as we did with AVG, but in your case I feel we should.

    Please download SUPERAntiSpyware Home Edition (free version)
    • Install it and double-click the icon on your desktop to run it.
    • It will ask if you want to update the program definitions, click Yes.
    • Under Configuration and Preferences, click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining.
      • Please leave the others unchecked.
      • Click the Close button to leave the control center screen.
    • On the main screen, under Scan for Harmful Software click Scan your computer.
    • On the left check C:\Fixed Drive.
    • On the right, under Complete Scan, choose Perform Complete Scan.
    • Click Next to start the scan. Please be patient while it scans your computer.
    • After the scan is complete a summary box will appear. Click OK.
    • Make sure everything in the white box has a check next to it, then click Next.
    • It will quarantine what it found and if it asks if you want to reboot, click Yes.
    • To retrieve the removal information for me please do the following:
      • After reboot, double-click the SUPERAntispyware icon on your desktop.
      • Click Preferences. Click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • It will open in your default text editor (such as Notepad/Wordpad).
      • Please highlight everything in the notepad, then right-click and choose copy.
    • Click close and close again to exit the program.
    • Save the log information. And paste this info along with your HijackThis log.
     
Short URL to this thread: https://techguy.org/614885