Solved: DeskTop Ads


ron6456

Thread Starter
Joined
Aug 24, 2004
Messages
99
I now have a desktop ad on my computer and nothing I do will get rid of it. I have tried running Ad-Aware SE and SpyBot and still the ad is on my desktop. I'll post a log, and any tips on how to remove it will be appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 9:16:33 PM, on 12/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\WINDOWS\System32\popcorn72.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\winstall.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122281269871
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F406F71-EBA2-4DC8-AC60-8315970445DC}: NameServer = 85.255.114.40,85.255.112.156
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\Program Files\Aluria Software\ASE\ASEServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing)

Thanks Ron
 
Joined
Jul 8, 2002
Messages
14,681
Please save or print these instructions before beginning
  • Please uninstall SpywareCleaner from Start>>Control Panel>>Add or Remove Programs, as the company behind it is known for using deceptive advertising to push its products
  • Run HijackThis and click Do a system scan only
  • Put a checkmark next to any of the following entries that appear, and click Fix Checked:

    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
  • Exit HijackThis
  • Save smitRem to your Desktop and run smitRem.exe
  • Download and install Ewido Security Suite
  • During the installation, uncheck the following under Additional Options:

    Install background guard
    Install scan via context menu
  • Run Ewido and click OK when prompted to update the program
  • On the left side of the screen, click update>>Start
  • When the update is finished, exit Ewido
  • Open the smitRem folder and run RunThis.bat. Follow the onscreen prompts
  • Run Ewido Security Suite
  • Click scanner>>Complete System Scan
  • Click OK when prompted to clean the problems found
  • When the scan is finished, click Save Report and save a copy of this log to your Desktop
  • Exit Ewido
  • Go to Start>>Control Panel>>Internet Options>>Programs
  • Click Reset Web Settings>>Apply>>OK
  • Go to Start>>Control Panel>>Display>>Desktop
  • Click Customize Desktop>>Web
  • If you see an entry called Security info or something similar, select it and click Delete>>OK>>Apply>>OK
  • Run KillBox and go to Action>>Delete on Reboot
  • Go to File>>Add File and select each of the following file/folder paths

    C:\winstall.exe
    C:\Program Files\Spyware Cleaner\
  • Go to Action>>Process and Reboot>>Yes
    WARNING: Your computer will be restarted. Any unsaved work in open applications will be lost.
  • Post the contents of C:\smitfiles.txt
  • Post the contents of the Ewido Security Suite report that you saved to your Desktop earlier
  • Run HijackThis and click Do a system scan and save a log file
  • Your HijackThis log will open in Notepad. Post the contents of the log here
 

ron6456

Thread Starter
Joined
Aug 24, 2004
Messages
99
I have been unable to download the Kaspersky Online Scanner. I have tried several times, and each time after I check the "I agree" to the statement it starts to download and just stops. I have done everything else, and the desktop ads are still present.


Logfile of HijackThis v1.99.1
Scan saved at 2:16:38 PM, on 12/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122281269871
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F406F71-EBA2-4DC8-AC60-8315970445DC}: NameServer = 85.255.114.40,85.255.112.156
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\Program Files\Aluria Software\ASE\ASEServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing)

Ewido File to follow
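
Comparing the second HijackThis log with the first shows which entries the cleanup actually removed and which survived. The script below is an added example, not part of the thread and not a HijackThis feature; the function names are assumptions, and the two sample logs are short excerpts constructed from lines posted above.

```python
import re

# A HijackThis entry line is "<section> - <detail>", e.g. "O4 - HKCU\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
MISSING_SUFFIX = " (file missing)"

# Constructed excerpts of the 12/26 (before) and 12/27 (after) logs in this thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\popcorn72.exe
C:\winstall.exe

O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F406F71-EBA2-4DC8-AC60-8315970445DC}: NameServer = 85.255.114.40,85.255.112.156
"""

AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\ewido anti-malware\ewidoctrl.exe

O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F406F71-EBA2-4DC8-AC60-8315970445DC}: NameServer = 85.255.114.40,85.255.112.156
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

# The two entries the helper asked to tick before clicking "Fix Checked".
FIX_CHECKED = [
    r"O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe",
    r'O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot',
]


def parse_log(text):
    """Map (section, detail) -> True if HijackThis marked the target "(file missing)".

    Header lines and the "Running processes" list do not match ENTRY_RE and are
    skipped, so only registry, startup and service entries are compared.
    """
    entries = {}
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        section, detail = match.groups()
        missing = detail.endswith(MISSING_SUFFIX)
        if missing:
            # Strip the marker so the entry still matches its earlier form.
            detail = detail[: -len(MISSING_SUFFIX)]
        entries[(section, detail)] = missing
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, added, newly missing on disk, or unchanged."""
    before, after = parse_log(before_text), parse_log(after_text)
    common = before.keys() & after.keys()
    return {
        "removed": sorted(before.keys() - after.keys()),
        "added": sorted(after.keys() - before.keys()),
        "newly_missing": sorted(k for k in common if after[k] and not before[k]),
        "unchanged": sorted(k for k in common if after[k] == before[k]),
    }


def unfixed(fix_lines, after_text):
    """Return the lines from a fix list that still appear in the later log."""
    after = parse_log(after_text)
    return [line for line in fix_lines if parse_log(line).keys() & after.keys()]


if __name__ == "__main__":
    for label, items in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(label)
        for section, detail in items:
            print(f"  {section} - {detail}")
    print("fix-list entries still present:", unfixed(FIX_CHECKED, AFTER_LOG))
```

Entries reported as unchanged are the ones that survived the cleanup steps and still need a decision in the next round of review.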
 

ron6456

Thread Starter
Joined
Aug 24, 2004
Messages
99
1st part of Ewido:
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:36:28 PM, 12/27/2005
+ Report-Checksum: C4ECC714

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0B58BEF4-C0D5-53BA-4F75-D23E40367540} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1BD83F34-5674-FA0D-E5B2-7D7655F0D46F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{286ECE71-3F17-089B-F6BD-0E16D255AE8A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4CC6B346-9934-1C2F-1EBB-53F81823D9B4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F32646E-6D3E-257C-2369-EFD1A3A012F8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{62B52B4D-547B-BFC7-9850-79709FDECF27} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{714C2287-DB2D-3514-4785-8EC21BA5C5F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E2B347A-52AA-597F-9371-80822A8D1263} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{932ECF21-1DCB-F962-4C70-56830E2BD255} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A8F5394-C42E-426F-B539-E4F44D9C9347} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A01394EE-8B14-B1D4-AE65-22E7424A71D0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A37B1EF1-FF7A-A47A-8449-3BCE6606697A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C90592CB-B294-397E-DF83-995F7912652D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB118E8B-875C-AD27-289B-C22A5B4AA454} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C505A6B-124B-4768-8FD3-1A066C839848} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C89E0F84-3C34-43D1-A72C-AF1A160A7C07} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1957994488-1123561945-725345543-1003\Software\msbb -> Spyware.180Solutions : Cleaned with backup
[212] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning
[236] VM_00C50000 -> Downloader.Agent.uj : Error during cleaning
[1028] VM_007B0000 -> Downloader.Agent.uj : Error during cleaning
:mozilla.7:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\default.9w6\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\default.9w6\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\default.9w6\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\default.9w6\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\default.9w6\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\default.9w6\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jordan\Application Data\Mozilla\Firefox\Profiles\default.9w6\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\e4ksa8nz.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\e4ksa8nz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Mary\Application Data\Mozilla\Firefox\Profiles\sq7t00ko.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
C:\Documents and Settings\Ron\1.dat -> Downloader.Small.awa : Cleaned with backup
C:\Documents and Settings\Ron\2.dat -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\kq2v4ypz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\zhfrj760.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Ron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-789d877d-7e17832d.RB0/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Ron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counters.jar-e39aabf-417f6e91.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\Ron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-11f63847-2d2144c1.RB0/Matrix.class -> Downloader.OpenConnection.s : Cleaned with backup
C:\Documents and Settings\Ron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-11f63847-2d2144c1.zip/Matrix.class -> Downloader.OpenConnection.s : Cleaned with backup
C:\Documents and Settings\Ron\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Ron\My Documents\backups\backup-20040827-100838-316.dll -> Downloader.Agent.an : Cleaned with backup
 

ron6456

2nd part of Ewido:
C:\Program Files\Aluria Software\ASE\Backup\11727109.ase -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Aluria Software\ASE\Backup\11727375.ase -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Aluria Software\ASE\Backup\11728140.ase -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Internet Explorer\gxeeta.exe -> Downloader.Agent.aw : Cleaned with backup
C:\Program Files\Internet Explorer\hreybfdg.exe -> Downloader.Agent.aw : Cleaned with backup
C:\Program Files\Internet Explorer\qvksryqe.exe -> Downloader.Petrolin.b : Cleaned with backup
C:\Program Files\Internet Explorer\wnrxpyum.exe -> Downloader.Petrolin.a : Cleaned with backup
C:\Program Files\nickarcade\nickarcade.dll -> Adware.BHO : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP486\A0017790.exe -> Dialer.Generic : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP486\A0017870.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP486\A0017880.exe/nickarcade.dll -> Adware.BHO : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP486\A0017880.exe/nickarcade.dll -> Adware.BHO : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0017971.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018062.exe:ojrcm -> Downloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018064.exe:fdlff -> Downloader.Agent.an : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018065.exe:pnvkb -> Downloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018066.dll:xrkbs -> Downloader.Agent.ap : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018066.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018067.ini:odyis -> Downloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018068.exe:nraxr -> Downloader.Agent.cd : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018069.dll:elyxo -> Downloader.WinShow.ak : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018070.ini:rvudf -> Downloader.Agent.ap : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018071.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018074.old:nthgy -> Downloader.WinShow.ak : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018076.exe:mjpxs -> Downloader.WinShow.u : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018077.ini:miewi -> Downloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018078.exe:rjyuz -> Downloader.Agent.an : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018079.prx:arbxn -> Downloader.Agent.ap : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018080.pif:yqlbo -> Downloader.Agent.ap : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018081.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018082.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018083.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018084.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018085.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018086.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018087.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018088.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018089.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018090.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018091.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018092.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018093.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018094.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018095.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018096.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018097.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018098.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018099.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018100.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018101.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018102.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018103.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018104.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018105.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018106.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018107.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018108.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018109.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018110.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018111.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018112.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018113.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018114.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018115.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018116.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018117.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018118.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP487\A0018119.dll -> Downloader.Agent.al : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP490\A0018305.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP490\A0018376.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP491\A0019374.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP492\A0019430.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP492\A0020429.exe -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{11AB085C-4C66-48B6-8B42-2399AF73D53B}\RP492\A0020430.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
C:\WINDOWS\apicb32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apprq.exe -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\bemspt.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bpcltc.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crmc32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crqb.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3we32.exe.bak -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\dfewmg.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnUS277.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gxeeta.exe -> Downloader.Agent.aw : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\hreybfdg.exe -> Downloader.Agent.aw : Cleaned with backup
C:\WINDOWS\dtnada.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hcrtjg.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipyl.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javaeu.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javahr32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javale.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javatr32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\nettq32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_nohfnc.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_rjfolx.dat -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\n_vczgzz.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_viyotg.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysbj32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysod32.exe -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\system\d2ka.exe -> Not-A-Virus.PornWare.Downloader.Tibsystems : Cleaned with backup
C:\WINDOWS\system32\apiwx32.exe -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\system32\applc32.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appwb.exe -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\system32\atlty.exe -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\system32\axuninstall.exe -> Spyware.BlazeFind : Cleaned with backup
C:\WINDOWS\system32\dgprpsetup.exe -> Downloader.Small.bgv : Cleaned with backup
C:\WINDOWS\system32\dial32.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\system32\ipgm32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javaqi32.exe -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\system32\netnr32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntdk.dll -> Downloader.Agent.an : Cleaned with backup
C:\WINDOWS\system32\ntxm.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\popcorn72.exe -> Downloader.Small.bgv : Cleaned with backup
C:\WINDOWS\system32\sdkns32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkpy.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\syssh.exe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysuf.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winctrl32.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned with backup
C:\WINDOWS\system32\winctrl64.exe -> Downloader.Small.awa : Cleaned with backup
C:\WINDOWS\system32\winpn32.dll -> Downloader.Agent.an : Cleaned with backup
C:\WINDOWS\system32\winws32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vefstt.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vmppih.dat -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\winje.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winqz.exe -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\winserv.exe -> Spyware.XMedia : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End
 

ron6456

As for the C:\smitfiles.txt, I can't seem to open that and copy it to paste it here. Something I am doing?
 
Joined
Jul 8, 2002
Messages
14,681
  • Run HijackThis and click Open the Misc Tools section
  • Click Open Uninstall Manager>>Save list and save the log to your Desktop
  • A list of programs will open in Notepad. Post the contents of the log here
 

ron6456

3D Groove Playback Engine
3D Hearts Deluxe 1.1
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
AOL Instant Messenger
BCM V.92 56K Modem
Big Fish Games Toolbar
Dell ResourceCD
DivX
DivX Player
ESPN Java Check
ESPN Version 2.0.6.62
ewido anti-malware
Hijackthis 1.99.1
HijackThis 1.99.1
HP Photo and Imaging 1.0 - PSC 2000 Series
HP Photo and Imaging 1.0 - PSC 2000 Series
HP Photo and Imaging 1.0 - PSC 2000 Series Drivers
hp psc 2200 series
Intel(R) PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office Standard Edition 2003
Mozilla Firefox (1.5)
Nick Aracde Toolbar
Norton AntiVirus 2003
NVIDIA Windows 2000/XP Display Drivers
Outlook Express Q823353
RealPlayer
SoundMAX
Spybot - Search & Destroy 1.3
Spyware Eliminator
Viewpoint Media Player
WeatherBug
WildTangent Web Driver
Windows Media Player Hotfix [See Q828026 for more information]
Windows SA
Windows SR 2.0
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839643
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB889293
Windows XP Hotfix (SP2) Q819696
 
Joined
Jul 8, 2002
Messages
14,681
Uninstall these programs:
ViewPoint Media Player

I would also recommend uninstalling Spyware Eliminator as there are better programs available.

If you log in as Administrator, are you able to remove the desktop icons?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,919
If you don't mind, I'd like to see a start-up log from HijackThis:

Open HijackThis.
Click on Open Misc Tools Section
Make sure that both boxes beside "Generate StartupList Log" are checked:
  • List all minor sections(Full)
  • List Empty Sections(Complete)
Click Generate StartupList Log.
Click Yes at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.
 

ron6456

OK here is part 1:
StartupList report, 12/27/2005, 7:19:11 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Ron\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
officejet 6100.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\System32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
BCMSMMSG = BCMSMMSG.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
PestPatrol Control Center = C:\PROGRA~1\PESTPA~1\PPControl.exe
PPMemCheck = C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
CookiePatrol = C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
WildTangent CDA = RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
SpyKiller = C:\Program Files\SpyKiller\spykiller.exe /startup
BestPopUpKiller = C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
Weather = C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
UnSpyPC = "C:\Program Files\UnSpyPC\UnSpyPC.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = blank

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}
(no name) - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E}
(no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[ppctlcab]
CODEBASE = http://www.pestscan.com/scanner/ppctlcab.cab
OSD = C:\WINDOWS\Downloaded Program Files\OSD406.OSD

[{0000000A-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[PPSDKActiveXScanner.MainScreen]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PPSDKActiveXScanner.ocx
CODEBASE = http://www.pestscan.com/scanner/axscanner.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122281269871

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

[Groove Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GrooveAX.dll
CODEBASE = http://www.nick.com/common/groove/gx/GrooveAX27.cab

[Java Plug-in 1.5.0_05]
InProcServer32 = C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

[Virtools WebPlayer Class]
InProcServer32 = C:\Program Files\Virtools Web Player 3.0\WebPlayer.ocx
CODEBASE = http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe

[Java Plug-in 1.4.2_04]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

[Java Plug-in 1.4.2_05]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

[Java Plug-in 1.5.0_05]
InProcServer32 = C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
 

ron6456

part 2:
--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Aluria Spyware Eliminator Service: C:\Program Files\Aluria Software\ASE\ASEServ.exe (autostart)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
BCM V.92 56K Modem: System32\DRIVERS\BCMSM.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
bvrp_pci: \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation Service: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050824.008\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050824.008\NavEx15.Sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)
Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Security Agent: "C:\WINDOWS\system32\scagent.exe" start (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
smwdm: system32\drivers\smwdm.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{78E64E00-C988-4148-84EC-D71C1864C8DE} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
ZPMODEMSYSNTDRVNT: \??\C:\WINDOWS\System32\drivers\zpmodemnt.sys (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 34,733 bytes
Report generated in 0.312 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,919
It's what I thought and it's showing in the start-up log. There is a lot to do. Please post a current HijackThis log and then I will post further instructions.
 

ron6456

Logfile of HijackThis v1.99.1
Scan saved at 8:01:04 PM, on 12/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122281269871
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F406F71-EBA2-4DC8-AC60-8315970445DC}: NameServer = 85.255.114.40,85.255.112.156
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\Program Files\Aluria Software\ASE\ASEServ.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing)
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,919
Go to Control Panel – Add/Remove programs and remove:

SpyKiller
BestPopUpKiller
WildTangent
AWS (WeatherBug)
UnSpyPC
Spyware Cleaner
Aluria Software
Windows SA



Click Start - Run - and type in:

services.msc

Click OK.

In the Services window find ZPMODEMSYSNTDRVNT. (It may not be there, as this one gets installed stealthily.)

Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Start-up Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

Repeat the same process above for this service: Security Agent


You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)

O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1

O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F406F71-EBA2-4DC8-AC60-8315970445DC}: NameServer = 85.255.114.40,85.255.112.156

O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing)


Click FIX CHECKED. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.


In the Windows Control Panel, if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double click on Network Connections.

Then right click on your default connection, usually Local Area Connection for cable and DSL, and left click on Properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.

Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.


Next, go to Start - Run, type cmd and hit OK, then type:

ipconfig /flushdns

Then hit enter, type exit and hit enter again. (The space between g and / is needed)


Copy the contents of the quote box to Notepad and save as Fixron.reg (be sure to select “all files”). Double click on the Fixron.reg file and at the prompt allow it to enter into the registry.


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZPMODEMSYSNTDRVNT]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Desktop]

Run Killbox on these files:

C:\WINDOWS\System32\idemlog.exe

C:\WINDOWS\System32\idesk.conf

C:\WINDOWS\System32\drivers\zpmodemnt.sys



Do this Panda Active Scan. Be sure to save the log it creates.


Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log and the results of the Panda scan into this topic.
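
As an added example (not part of the original post, and not code from HijackThis), the Python below parses lines in the HijackThis log format shown in this thread and pulls out the kinds of entries the fix list above targets: O17 static NameServer values, entries marked (file missing), and O23 services with an unknown owner. The function names are hypothetical and the embedded sample is constructed from lines of the log posted above.

```python
import re

# Constructed sample: four lines taken from the HijackThis v1.99.1 log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F406F71-EBA2-4DC8-AC60-8315970445DC}: NameServer = 85.255.114.40,85.255.112.156
O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O17 - ..."
NAMESERVER = re.compile(r"\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")

def parse_entries(log_text):
    """Return (section_code, body) for every 'Xn - ...' line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def static_dns(entries):
    """Map interface GUID -> statically configured DNS servers found in O17 lines."""
    found = {}
    for code, body in entries:
        m = NAMESERVER.search(body) if code == "O17" else None
        if m:
            # The registry value may be comma- or space-separated.
            found[m.group(1)] = [ip for ip in re.split(r"[,\s]+", m.group(2)) if ip]
    return found

def review_list(entries):
    """Entries to look at first, with the reason each one was picked."""
    flagged = []
    for code, body in entries:
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        if code == "O23" and "- Unknown owner -" in body:
            reasons.append("service with unknown owner")
        if code == "O17" and "NameServer" in body:
            reasons.append("static DNS override")
        if reasons:
            flagged.append((code, reasons))
    return flagged

if __name__ == "__main__":
    for code, reasons in review_list(parse_entries(SAMPLE_LOG)):
        print(code, "; ".join(reasons))
```

A flagged entry is only a prompt for review: a missing file or an unknown owner also shows up for leftovers of legitimately uninstalled software.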
 