
Tesllar A ?? help please?

Discussion in 'Virus & Other Malware Removal' started by angelseyes27, Jul 16, 2007.

Thread Status:
Not open for further replies.
  1. angelseyes27

    angelseyes27 Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    12
    Hello,
    My spyware, Virgin's own PCguard, has detected I have Tesllar A on my PC but can't delete it. I have run Spybot S&D, SUPERAntiSpyware, PCguard spyware, virus scans ... pretty much everything a beginner like me can. I did some research on Google and found maybe a HijackThis log may help someone in the know help me get rid of this annoying thing!

    Logfile of HijackThis v1.99.1
    Scan saved at 12:47:58, on 16/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virgin Broadband\PCguard\fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\KService\KService.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\WLan.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\tsnp2std.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    C:\Program Files\Lexmark 2300 Series\ezprint.exe
    C:\WINDOWS\CameraFixer.exe
    C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
    C:\Program Files\Virgin Broadband\PCguard\Rps.exe
    C:\APPS\SMP\SmpSys.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
    C:\WINDOWS\system32\lxcgcoms.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Documents and Settings\Danielle\My Documents\Programmes\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
    O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYGB
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://danniieverybodysangel.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156165144484
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
    O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    Please help :confused:

    Angel
    xxx
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome

    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  3. angelseyes27

    angelseyes27 Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    12
    Hello there :)

    You're probably going to find me and my laptop very annoying at some point, I hope not, but here goes the news so far:

    I did everything you said to do, but when it comes to 'selecting a device to scan' nothing happens, it says there's an error on the page. I allowed the ActiveX controls...

    I'm not sure how to go about sorting this out. Very blonde you see :-S..lol

    I don't know if this is going to help or not but Virgin Media's PCguard keeps popping up with this message:

    Anti spyware failed to delete Tesllar A.
    Spyware Item Location:

    hkey_local\machine\system\currentcontrolset\enum\legacy_core.

    Is there anything else I can try?... I'll try the steps you said again.

    thank you.
    xx
    angel
     
  4. angelseyes27

    angelseyes27 Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    12
    OK, I managed to uninstall and re-install the ActiveScan thingy...lol

    Here's the report:


    Incident Status Location

    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Internet Explorer\MSIMG32.dll
    Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15-3.inf
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
    Potentially unwanted tool:application/myglobalsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B85A21-692B-4205-9CAD-2626E4993404}
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Danielle\Cookies\[email protected][2].txt
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll
    Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx
    Hope this helps. Just one more question: please refer to my above response with regards to where PCguard couldn't delete Tesllar A in the hkey_ thingy... :-S

    xxx
    angel
     
  5. angelseyes27

    angelseyes27 Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    12
    hello?...

    I know you guys are well busy but I'm worried that this Tesllar A thing will damage my PC...what is it anyways? A virus? A trojan? Spyware? And if so, what's the harm it can do?

    xx
    angel
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    A trojan, or perhaps a rootkit. We need to dig deeper. But first do this.

    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Then do this

    Please run the F-Secure online virus/spyware scan using Internet Explorer:
    http://support.f-secure.com/enu/home/ols.shtml
    Follow the directions in the F-Secure page for proper Installation.
    Accept the License Agreement.
    Once the ActiveX installs, click ‘Custom Scan’ and be sure the following are checked:
    1. Scan whole System
    2. Scan all files
    3. Scan whole system for rootkits
    4. Scan whole system for spyware
    5. Scan inside archives
    6. Use advanced heuristics

    Once the download completes, the scan will begin automatically.
    The scan will take some time to finish, so please be patient.
    When the scan completes, click the ‘I want to decide item by item’ button.
    For each item found, select ‘Disinfect’ and click ‘Next’.
    Click the ‘Show Report’ button, then copy and paste the entire report into your next reply.
     
  9. angelseyes27

    angelseyes27 Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    12
    Hello there :)
    Here's the Avenger log file as requested.

    xx
    angel



    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\opqujbxd

    *******************

    Script file located at: \??\C:\cedssclv.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File c:\windows\downloaded program files\f3initialsetup1.0.0.15-3.inf deleted successfully.
    File C:\WINDOWS\system32\actskn45.ocx deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
     
  11. angelseyes27

    angelseyes27 Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    12
    awww bum!

    I ran the second scan and, as it was late, I left it to run overnight. When I got up this morning I found 'it has encountered a problem and needs to close'....so I went through the above steps again only to find it won't run, something to do with ActiveX and not having permission to use it???...I haven't touched anything on my laptop and I really don't understand why it's not running at all now....so sorry for being a pain :-(

    Any ideas?

    XX
    Angel
     
  12. angelseyes27

    angelseyes27 Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    12
    Right, hold that thought...I came in this afternoon and tried the scan again and lo and behold it's working. I have everything crossed that it runs a complete scan and doesn't crash again....

    xxx
    angel
     
  13. angelseyes27

    angelseyes27 Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    12
    AT LAST! :)

    Here's the report. Hope this helps.

    Looking forward to your reply.

    xx
    Angel


    Scanning Report
    Wednesday, July 18, 2007 19:28:35 - 21:55:50
    Computer name: DANNII
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ E:\


    --------------------------------------------------------------------------------

    Result: 7 malware found
    Tracking Cookie (spyware)
    System (Disinfected)
    System
    System
    System
    W32/Malware (virus)
    C:\Program Files\ntl\broadband medic\bin\disad.exe (Submitted)
    W32/Malware.WBT (virus)
    C:\Downloads\WinRAR.v3.70.Latest.Version.Incl.Keymaker&Patch.zip\keygen.exe
    C:\Documents and Settings\Danielle\My Documents\Programmes\keygen.exe (Submitted)

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 196280
    System: 4926
    Not scanned: 242
    Actions:
    Disinfected: 1
    Renamed: 0
    Deleted: 0
    None: 6
    Submitted: 2
    Files not scanned:

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    F-Secure Libra: 2.4.2, 2007-07-18
    F-Secure AVP: 7.0.171, 2007-07-18
    F-Secure Orion: 1.2.37, 2007-07-18
    F-Secure Blacklight: 1.0.64
    F-Secure Draco: 1.0.35, 0260-23-12
    F-Secure Pegasus: 1.19.0, 2007-06-17
    Scanning options:
    Scan all files
    Scan inside archives
    Use Advanced heuristics

     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  15. angelseyes27

    angelseyes27 Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    12
    spy sweeper scan log:

    Keylogger: Off
    20:36: Informational: ShieldEmail: Start monitoring port 25 for mail activities
    E-mail Attachment: On
    20:36: Informational: ShieldEmail: Start monitoring port 110 for mail activities
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    File System Shield: On
    Execution Shield: On
    System Services Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    20:36: Shield States
    20:36: License Check Status (0): Success
    20:35: Spyware Definitions: 950
    20:35: Spy Sweeper 5.5.1.3356 started
    20:35: Spy Sweeper 5.5.1.3356 started
    20:35: | Start of Session, 19 July 2007 |
    ***************
    15:24: ApplicationMinimized - EXIT
    15:24: ApplicationMinimized - ENTER
    15:20: None
    15:20: Traces Found: 0
    15:20: Custom Sweep has completed. Elapsed time 00:16:36
    15:20: File Sweep Complete, Elapsed Time: 00:14:05
    Not enough storage is available to process this command
    15:14: Warning: Unable to sweep compressed file: System Error. Code: 8.
    Not enough storage is available to process this command
    15:13: Warning: Unable to sweep compressed file: System Error. Code: 8.
    Not enough storage is available to process this command
    15:13: Warning: Unable to sweep compressed file: System Error. Code: 8.
    15:13: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
    15:13: Warning: Failed to open file "c:\documents and settings\danielle\cookies\[email protected][2].txt". The operation completed successfully
    15:13: Warning: Failed to open file "c:\documents and settings\danielle\local settings\temporary internet files\content.ie5\6bq0oa1r\adopt[1].htm". The operation completed successfully
    15:13: Warning: Failed to open file "c:\documents and settings\danielle\local settings\temporary internet files\content.ie5\6bq0oa1r\adopt[2].htm". The operation completed successfully
    15:06: Starting File Sweep
    15:06: Cookie Sweep Complete, Elapsed Time: 00:00:00
    15:06: Starting Cookie Sweep
    15:06: Registry Sweep Complete, Elapsed Time:00:00:11
    15:05: Starting Registry Sweep
    15:05: Memory Sweep Complete, Elapsed Time: 00:02:16
    15:03: ApplicationMinimized - EXIT
    15:03: ApplicationMinimized - ENTER
    15:03: Starting Memory Sweep
    15:03: Start Custom Sweep
    15:03: Sweep initiated using definitions version 950
    15:03: None
    15:03: Traces Found: 0
    15:03: Memory Sweep Complete, Elapsed Time: 00:00:12
    15:03: Sweep Canceled
    15:03: Starting Memory Sweep
    15:03: Start Custom Sweep
    15:03: Sweep initiated using definitions version 950
    15:01: Deletion from quarantine completed. Elapsed time 00:00:00
    15:01: Processing: core adware
    15:01: Processing: core adware
    15:01: Deletion from quarantine initiated
    15:00: Removal process completed. Elapsed time 00:00:02
    15:00: Quarantining All Traces: core adware
    14:59: Removal process initiated
    14:48: Traces Found: 2
    14:48: Custom Sweep has completed. Elapsed time 00:17:01
    14:48: File Sweep Complete, Elapsed Time: 00:14:57
    Not enough storage is available to process this command
    14:44: Warning: Unable to sweep compressed file: System Error. Code: 8.
    Not enough storage is available to process this command
    14:42: Warning: Unable to sweep compressed file: System Error. Code: 8.
    Not enough storage is available to process this command
    14:42: Warning: Unable to sweep compressed file: System Error. Code: 8.
    14:42: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
    14:36: Warning: DoTerm :\Device\HarddiskVolume2\WINDOWS\system32\csrss.exe
    14:35: Warning: DoTerm :\Device\HarddiskVolume2\WINDOWS\system32\csrss.exe
    14:34: Warning: DoTerm :\Device\HarddiskVolume2\WINDOWS\system32\csrss.exe
    14:33: Starting File Sweep
    14:33: Cookie Sweep Complete, Elapsed Time: 00:00:00
    14:33: Starting Cookie Sweep
    14:33: Registry Sweep Complete, Elapsed Time:00:00:08
    14:33: HKLM\system\controlset003\enum\root\legacy_core\ (ID = 2152512)
    14:33: HKLM\system\controlset001\enum\root\legacy_core\ (ID = 2118323)
    14:33: Found Adware: core adware
    14:33: Starting Registry Sweep
    14:33: Memory Sweep Complete, Elapsed Time: 00:01:53
    14:31: Starting Memory Sweep
    14:31: Start Custom Sweep
    14:31: Sweep initiated using definitions version 950
    Keylogger: Off
    14:26: Informational: ShieldEmail: Start monitoring port 25 for mail activities
    E-mail Attachment: On
    14:26: Informational: ShieldEmail: Start monitoring port 110 for mail activities
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    File System Shield: On
    Execution Shield: On
    System Services Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    14:26: Shield States
    14:26: License Check Status (0): Success
    14:25: Spyware Definitions: 950
    14:25: Spy Sweeper 5.5.1.3356 started
    14:25: Spy Sweeper 5.5.1.3356 started
    14:25: | Start of Session, 19 July 2007 |
    ***************
    Keylogger: Off
    16:42: Informational: ShieldEmail: Start monitoring port 25 for mail activities
    E-mail Attachment: On
    16:42: Informational: ShieldEmail: Start monitoring port 110 for mail activities
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    File System Shield: On
    Execution Shield: On
    System Services Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    16:42: Shield States
    16:42: License Check Status (0): Success
    16:42: Spyware Definitions: 950
    16:41: Spy Sweeper 5.5.1.3356 started
    16:41: Spy Sweeper 5.5.1.3356 started
    16:41: | Start of Session, 19 July 2007 |
    ***************



    xxx
    angel
     
Short URL to this thread: https://techguy.org/596404
