
need help, system32/aux trojan

Discussion in 'Virus & Other Malware Removal' started by pnw1979, Aug 10, 2006.

  1. pnw1979

    pnw1979 Thread Starter

    Joined:
    Aug 10, 2006
    Messages:
    19
    Hi All,

    I really need your help... 2 days ago, my Symantec antivirus started giving me pop-ups about finding a trojan:
    Scan type: Auto-Protect Scan
    Event: Threat Found!
    Threat: Trojan Horse
    File: C:\WINDOWS\system32\aux
    Location: C:\WINDOWS\system32
    Computer: LAPTOP
    Action taken: Clean failed : Quarantine failed : Access denied

    I cannot find this file or folder anywhere, so I tried using Spybot to scan my computer... and it did remove some registries. I scanned the computer again with Symantec and AVG antivirus and everything looked ok.

    This morning, Symantec antivirus again gave me the same pop-ups about the same trojan. Can anyone please help me? I'm in the middle of writing my thesis so I have enough stress to begin with :(

    Here is my HijackThis log, if this can give anyone a start in helping me...

    Logfile of HijackThis v1.99.1
    Scan saved at 10:48:38 AM, on 8/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Grisoft\AVG Free\avgwb.dat
    C:\Program Files\Symantec AntiVirus\VPC32.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Paulin Wahjudi\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\plugins\Npcdp32.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2330537-93AD-41E8-A7A1-81B4974D86AF}: Domain = usc.edu
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,031
    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.



    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-spyware. Do NOT run a scan yet. We will do that later in safe mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient; this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.


    Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.
     
  3. pnw1979

    pnw1979 Thread Starter

    Joined:
    Aug 10, 2006
    Messages:
    19
    Thank you for the instructions...Here are the log files (I need to post them separately because they're too long)

    ewido:
    :mozilla.102:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.75:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.76:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.61:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.62:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.63:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.64:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.65:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.48:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.24:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
    :mozilla.45:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.46:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.47:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.49:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.109:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.110:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.111:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.57:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.71:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.72:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.73:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.74:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.39:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.40:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.42:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.43:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.44:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.38:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.54:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.55:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.56:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.8:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.9:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.41:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.50:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.51:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.52:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.104:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
    :mozilla.101:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
    :mozilla.58:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.59:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.60:C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
     
  4. pnw1979

    pnw1979 Thread Starter

    Joined:
    Aug 10, 2006
    Messages:
    19
    Part of the pandascan

    Incident Status Location

    Adware:adware/intcodec Not disinfected Windows Registry
    Adware:adware/ieloader Not disinfected Windows Registry
    Potentially unwanted tool:application/kill&clean Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF69DF00-2734-477F-8257-27CD04F88779}
    Adware:adware/systemdoctor Not disinfected Windows Registry
    Dialer:dialer.min Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB893839-10F0-4AF9-92FA-B23528F530AF}
    Adware:adware/spywaresheriff Not disinfected Windows Registry
    Adware:adware/adrotator Not disinfected Windows Registry
    Adware:adware/netword Not disinfected Windows Registry
    Adware:adware/wetoffice Not disinfected Windows Registry
    Adware:adware/spywaresoftstop Not disinfected Windows Registry
    Adware:adware/mmediapd Not disinfected Windows Registry
    Adware:adware/click Not disinfected Windows Registry
    Adware:adware/quantos Not disinfected Windows Registry
    Spyware:spyware/browseraccelerator Not disinfected Windows Registry
    Adware:adware/wmmafia Not disinfected Windows Registry
    Adware:adware/sinabar Not disinfected Windows Registry
    Adware:adware/psic Not disinfected Windows Registry
    Adware:adware/ourxin Not disinfected Windows Registry
    Adware:adware/idonate Not disinfected Windows Registry
    Adware:adware/brands Not disinfected Windows Registry
    Adware:adware/eztracks Not disinfected Windows Registry
    Adware:adware/roogoo Not disinfected Windows Registry
    Adware:adware/targetad Not disinfected Windows Registry
    Adware:adware/yazzle Not disinfected Windows Registry
    Adware:adware/gator.gotsmiley Not disinfected Windows Registry
    Adware:adware/spywarequake Not disinfected Windows Registry
    Dialer:dialer.gun Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFB51760-344E-4FFB-BFFF-4B18C7AC1D63}
    Potentially unwanted tool:application/seekmo Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
    Adware:adware/trustin Not disinfected Windows Registry
    Adware:adware/vog Not disinfected Windows Registry
    Adware:adware/emediacodec Not disinfected Windows Registry
    Adware:adware/flyswat Not disinfected Windows Registry
    Adware:adware/ready2wear Not disinfected Windows Registry
    Spyware:spyware/searchnet Not disinfected Windows Registry
    Potentially unwanted tool:application/mediapipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
    Adware:adware/shorty Not disinfected Windows Registry
    Adware:adware/spyfalcon Not disinfected Windows Registry
    Adware:adware/alfacleaner Not disinfected Windows Registry
    Adware:adware/adwaresheriff Not disinfected Windows Registry
    Adware:adware/confusearch Not disinfected Windows Registry
    Potentially unwanted tool:application/malwarewipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3103509-F6EC-4592-B5F2-FD862199D778}
    Adware:adware/youcouldwinthis Not disinfected Windows Registry
    Potentially unwanted tool:application/errorsafe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
    Adware:adware/spywarestrike Not disinfected Windows Registry
    Dialer:dialer.fgw Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF25B447-C0EF-49BB-97D8-D7C3FA27DF5F}
    Adware:adware/fchelp Not disinfected Windows Registry
    Adware:adware/rbtoolbar Not disinfected Windows Registry
    Adware:adware/dropspam Not disinfected Windows Registry
    Dialer:dialer.epr Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E15D681-1D20-11D4-8B72-000021DA1956}
    Adware:adware/startpage.anl Not disinfected Windows Registry
    Adware:adware/crystalys Not disinfected Windows Registry
    Adware:adware/adwhere Not disinfected Windows Registry
    Adware:adware/winhound Not disinfected Windows Registry
    Adware:adware/cws.payfortraffic Not disinfected Windows Registry
    Dialer:dialer.dxp Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C881E6FC-C673-4FDD-AEF8-B36DFB10E401}
    Potentially unwanted tool:application/spyaxe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
    Adware:adware/enhancemsearch Not disinfected Windows Registry
    Dialer:dialer.dvj Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c32ee4cb-e99f-4147-bfae-67ff3b6f8076}
     
  5. pnw1979

    pnw1979 Thread Starter

    Joined:
    Aug 10, 2006
    Messages:
    19
    More pandascan report
    Adware:adware/borlander Not disinfected Windows Registry
    Adware:adware/mytoolbar Not disinfected Windows Registry
    Adware:adware/cws.ezsearch Not disinfected Windows Registry
    Adware:adware/ipend Not disinfected Windows Registry
    Adware:adware/pigsearch Not disinfected Windows Registry
    Adware:adware/securitytoolbar Not disinfected Windows Registry
    Adware:adware/sweetbar Not disinfected Windows Registry
    Adware:adware/syslibie Not disinfected Windows Registry
    Adware:adware/videoc Not disinfected Windows Registry
    Adware:adware/spyaxe Not disinfected Windows Registry
    Adware:adware/falkag Not disinfected Windows Registry
    Adware:adware/zeropopup Not disinfected Windows Registry
    Adware:adware/webext Not disinfected Windows Registry
    Adware:adware/bdnl Not disinfected Windows Registry
    Adware:adware/masterbar Not disinfected Windows Registry
    Adware:adware/ist.csearch Not disinfected Windows Registry
    Adware:adware/cramtoolbar Not disinfected Windows Registry
    Adware:adware/commad Not disinfected Windows Registry
    Adware:adware/cashsaver Not disinfected Windows Registry
    Adware:adware/bonzibuddy Not disinfected Windows Registry
    Adware:adware/blowsearch Not disinfected Windows Registry
    Adware:adware/affilred Not disinfected Windows Registry
    Adware:adware/adultlinks Not disinfected Windows Registry
    Adware:adware/adservernow Not disinfected Windows Registry
    Adware:adware/adbars Not disinfected Windows Registry
    Adware:adware/cashdeluxe Not disinfected Windows Registry
    Potentially unwanted tool:application/errorguard Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}
    Adware:adware/mpgcom Not disinfected Windows Registry
    Adware:adware/surfassistant Not disinfected Windows Registry
    Adware:adware/morwillsearch Not disinfected Windows Registry
    Adware:adware/infocrawler Not disinfected Windows Registry
    Adware:adware/adcom Not disinfected Windows Registry
    Adware:adware/easyerror Not disinfected Windows Registry
    Adware:adware/weblookup Not disinfected Windows Registry
    Adware:adware/customtoolbar Not disinfected Windows Registry
    Dialer:dialer.dkf Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}
    Adware:adware/quickbar Not disinfected Windows Registry
    Dialer:dialer.dji Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C24626A-CC0D-49d6-8454-AAA5B97D4410}
    Dialer:dialer.dip Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC3185AE-864F-4E62-9321-0E9FA1CBE6A4}
    Adware:adware/2search Not disinfected Windows Registry
    Adware:adware/upspiralbar Not disinfected Windows Registry
    Adware:adware/uppcbar Not disinfected Windows Registry
    Adware:adware/5-search Not disinfected Windows Registry
    Adware:adware/bondreal Not disinfected Windows Registry
    Adware:adware/popupsearches Not disinfected Windows Registry
    Potentially unwanted tool:application/winfixer2005 Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}
    Adware:adware/securityerror Not disinfected Windows Registry
    Adware:adware/mediaplex Not disinfected Windows Registry
    Adware:adware/favadd Not disinfected Windows Registry
    Adware:adware/windrv Not disinfected Windows Registry
    Adware:adware/ddos Not disinfected Windows Registry
    Adware:adware/activshopper Not disinfected Windows Registry
    Adware:adware/mariasearch Not disinfected Windows Registry
    Adware:adware/ieplus Not disinfected Windows Registry
    Adware:adware/bestsearchengine Not disinfected Windows Registry
    Adware:adware/qoologic Not disinfected Windows Registry
    Adware:adware/searchresults Not disinfected Windows Registry
    Adware:adware/cws.customie Not disinfected Windows Registry
    Adware:adware/block-checker Not disinfected Windows Registry
    Dialer:dialer.cso Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BC36767-3FCC-4948-8A13-703F887A3E87}
    Adware:adware/adblock Not disinfected Windows Registry
    Adware:adware/thingies Not disinfected Windows Registry
    Adware:adware/spyblast Not disinfected Windows Registry
    Adware:adware/enhsrch Not disinfected Windows Registry
    Adware:adware/riversoft Not disinfected Windows Registry
    Adware:adware/invisiblepop Not disinfected Windows Registry
    Adware:adware/henbang Not disinfected Windows Registry
    Adware:adware/stripplayer Not disinfected Windows Registry
    Adware:adware/shoppingcommunity Not disinfected Windows Registry
    Adware:adware/appoli Not disinfected Windows Registry
    Adware:adware/bdsearch Not disinfected Windows Registry
    Adware:adware/gxb Not disinfected Windows Registry
    Adware:adware/veevo Not disinfected Windows Registry
    Dialer:dialer.bnz Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D7334F5-CF58-4F22-8502-6CC0ACB2FE6B}
    Adware:adware/searchexplorer Not disinfected Windows Registry
    Dialer:dialer.bmt Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8512B008-B0AA-451F-A744-A289FD8FFDE6}
    Adware:adware/popupdefence Not disinfected Windows Registry
    Adware:adware/seekseek Not disinfected Windows Registry
    Adware:adware/winres Not disinfected Windows Registry
    Dialer:dialer.bkj Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E}
     
  6. pnw1979

     
  7. pnw1979

     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,031
    Please download SmitfraudFix (by S!Ri)

    Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop. This is imperative for the tool to function properly. If using a utility such as WinZip you will have to direct it there as it will not unzip to the desktop by default. The destination location should look like this (C: being your primary drive): C:\Documents and Settings\User\Desktop\SmitfraudFix

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  9. pnw1979

    Do you want me to keep posting the pandascan report?
     
  10. pnw1979

    Thanks...here is the list
    SmitFraudFix v2.81

    Scan done at 16:16:11.84, Thu 08/10/2006
    Run from C:\Documents and Settings\Paulin Wahjudi\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paulin Wahjudi\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PAULIN~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  11. Cookiegal

    :eek: You mean there's more? :( Yes, please post the rest of the Panda scan.


    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don’t do anything with it yet!


    Click here for info on how to boot to safe mode if you don't already know how.


    Reboot into Safe Mode.


    Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    Reboot back to Normal Mode!


    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
     
  12. pnw1979

     
  13. pnw1979

     
  14. pnw1979

    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Paulin Wahjudi\Application Data\Mozilla\Firefox\Profiles\xgw0385h.default\cookies.txt[.realmedia.com/]
    Virus:Trj/Agent.AKI Not disinfected C:\Documents and Settings\Paulin Wahjudi\My Documents\My Downloads\StormCodec5.07.exe[yisou_sc.exe]
    Virus:Trj/Agent.AKI Not disinfected C:\Documents and Settings\Paulin Wahjudi\My Documents\My Downloads\StormCodec5.07.exe[yisou_sc.exe][aclayer.exe]
    Virus:Trj/Agent.AKI Not disinfected C:\Documents and Settings\Paulin Wahjudi\My Documents\My Downloads\StormCodec5.07.exe[yisou_sc.exe][aclayer.exe][aclayer.dll]
    Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-750596938-1972090345-1339398546-1006\Dc22.zip[SmitfraudFix/Process.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

    Logfile of HijackThis v1.99.1
    Scan saved at 4:35:20 PM, on 8/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Paulin Wahjudi\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Class - {CE780CEF-AA1A-4579-2E71-B1B0C127D72C} - C:\WINDOWS\bklfx1.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\plugins\Npcdp32.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2330537-93AD-41E8-A7A1-81B4974D86AF}: Domain = usc.edu
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,031
    Just in case you missed it while you were having so much fun with Panda, please see post no. 11. ;)
     
Short URL to this thread: https://techguy.org/491151
