Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

having problems doing my HijackThis log.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby batesy » June 6th, 2006, 12:28 pm

Well Norton expired a couple of weeks ago, and i never renewed it. So i was anti-virusless for 2 weeks, until i downloaded the free version of AVG.
batesy
Regular Member
 
Posts: 17
Joined: June 5th, 2006, 6:29 am
Location: north east
Advertisement
Register to Remove

Unread postby 'KotaGuy » June 6th, 2006, 12:35 pm

If thats the case then you may as well uninstall Norton.

How is you computer behaving now?
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby batesy » June 6th, 2006, 1:27 pm

It seems to be ok, ive uninstalled norton. It still seems a bit slow, but that may just be me, ill ask my son later if it seems ok to him.

Thank you so much for your help, youve been fab. its much appreciated.
batesy
Regular Member
 
Posts: 17
Joined: June 5th, 2006, 6:29 am
Location: north east

Unread postby 'KotaGuy » June 6th, 2006, 1:35 pm

No problem... we could do a couple more scans to see if anything is still lurking about if you want.

If you do... download WinPFind and extract it to your C:\ drive. This will create a folder called WinPFind in the C:\ drive. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more. Once its done you can copy/paste the results into a ne notepad document and save it to your Desktop.

Also do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.


Post the WinPFind log along with the KAV scan log.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby batesy » June 7th, 2006, 3:06 am

It says there are 16 viruses, and 38 infected objects!! here are the reports-


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
qoologic 06/06/2006 22:53:38 204131 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 29/08/2002 13:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 23/05/2006 17:26:00 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 04/05/2006 05:26:22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04/05/2006 05:26:22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04/08/2004 08:56:36 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
PEC2 28/02/2002 20:42:54 13107200 C:\WINDOWS\SYSTEM32\oembios.bin
Umonitor 04/08/2004 08:56:44 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 29/08/2002 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 23/05/2006 17:25:52 285488 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
UPX! 04/06/2006 22:07:00 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 04/06/2006 22:07:00 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 04/06/2006 22:07:00 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 04/06/2006 22:07:00 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 04/08/2004 06:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
06/06/2006 21:44:14 S 2048 C:\WINDOWS\bootstat.dat
06/06/2006 21:45:14 H 54156 C:\WINDOWS\QTFont.qfn
06/06/2006 21:48:26 H 237 C:\WINDOWS\system32\vsconfig.xml
23/05/2006 17:27:00 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
06/06/2006 21:53:04 H 1024 C:\WINDOWS\system32\config\default.LOG
06/06/2006 21:44:48 H 1024 C:\WINDOWS\system32\config\SAM.LOG
06/06/2006 21:54:28 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
06/06/2006 23:00:28 H 24576 C:\WINDOWS\system32\config\software.LOG
06/06/2006 22:59:00 H 1024 C:\WINDOWS\system32\config\system.LOG
05/06/2006 22:55:14 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
05/05/2006 08:15:38 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\22d91d50-4872-45fe-8016-5f4a3d91d342
05/05/2006 08:15:38 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
06/06/2006 23:00:02 H 258 C:\WINDOWS\Tasks\A922C56D90957711.job
06/06/2006 21:47:20 H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
06/06/2006 21:44:20 H 6 C:\WINDOWS\Tasks\SA.DAT
06/06/2006 07:47:58 HS 113 C:\WINDOWS\temp\History\History.IE5\desktop.ini
06/06/2006 07:47:56 HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\desktop.ini
06/06/2006 07:47:56 HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\492FKX2V\desktop.ini
06/06/2006 07:47:56 HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\NVNGF9DO\desktop.ini
06/06/2006 07:47:56 HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\SRUTAH6H\desktop.ini
06/06/2006 07:47:56 HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\U9IT632V\desktop.ini

Checking for CPL files...
Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
Avance Logic, Inc. 30/06/2002 00:05:00 617984 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 04/08/2004 08:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04/08/2004 08:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04/08/2004 08:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04/08/2004 08:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04/08/2004 08:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04/08/2004 08:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04/08/2004 08:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03/05/2006 02:56:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 29/08/2002 13:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04/08/2004 08:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 29/08/2002 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04/08/2004 08:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04/08/2004 08:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 01/01/2003 02:18:00 139264 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 04/08/2004 08:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04/08/2004 08:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 03/10/2003 15:14:30 314880 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 04/08/2004 08:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 29/08/2002 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04/08/2004 08:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04/08/2004 08:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
NVIDIA Corporation 01/01/2003 02:18:00 139264 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\nvtuicpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
10/02/2006 10:02:06 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
19/10/2004 18:47:36 1684 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\blueyonder Instant Support Tool.lnk
10/05/2003 10:40:04 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
02/08/2003 17:48:32 1621 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 1.0.lnk
06/06/2006 21:45:28 1805 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eBay Toolbar.LNK
06/06/2006 21:38:54 1833 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
06/06/2006 21:41:04 1954 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
29/11/2005 17:02:16 763 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
29/11/2005 17:01:42 813 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
11/07/2003 23:00:20 1898 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk
04/05/2004 19:37:06 748 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/05/2003 11:31:10 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
10/05/2003 10:40:04 HS 84 C:\Documents and Settings\stephanie bate\Start Menu\Programs\Startup\desktop.ini
22/12/2005 17:45:24 1538 C:\Documents and Settings\stephanie bate\Start Menu\Programs\Startup\LimeWire On Startup.lnk

Checking files in %USERPROFILE%\Application Data folder...
10/02/2006 09:58:04 2783 C:\Documents and Settings\stephanie bate\Application Data\AdobeDLM.log
10/05/2003 11:31:10 HS 62 C:\Documents and Settings\stephanie bate\Application Data\desktop.ini
10/02/2006 09:58:02 0 C:\Documents and Settings\stephanie bate\Application Data\dm.ini
15/06/2004 19:41:20 227 C:\Documents and Settings\stephanie bate\Application Data\dpusys.ini
29/11/2005 17:13:26 284 C:\Documents and Settings\stephanie bate\Application Data\ViewerApp.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
VNIE5 RefIE5 = IEAK
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EPPShellEx
{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78} = C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShellEx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\PROGRA~1\INCRED~1\bin\ImShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{001F2570-5DF5-11d3-B991-00A0C9BB0874}
eBay Helper Object = C:\Program Files\eBay\eBay Toolbar\4.4.0.2\eBayBand.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}
= C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
ST = C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar3.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-gb\msntb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
EpsonToolBandKicker Class = C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-gb\msntb.dll
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = eBay Toolbar : C:\Program Files\eBay\eBay Toolbar\4.4.0.2\eBayBand.dll
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} = EPSON Web-To-Page : C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{724d43a0-0d85-11d4-9908-00400523e39a} = &RoboForm : C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}
ButtonText = Fill Forms :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}
ButtonText = Save :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}
ButtonText = RoboForm :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92D7F210-7F20-11d3-8157-0090278B20DE}
ButtonText = eBay Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = Money Viewer :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = eBay Toolbar : C:\Program Files\eBay\eBay Toolbar\4.4.0.2\eBayBand.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar3.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-gb\msntb.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{71ED4FBA-4024-4BBE-91DC-9704C93F453E} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar3.dll
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = eBay Toolbar : C:\Program Files\eBay\eBay Toolbar\4.4.0.2\eBayBand.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-gb\msntb.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{FAA356E4-D317-42A6-AB41-A3021C6E7D52} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} = EPSON Web-To-Page : C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} = :
{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} = Need2Find Bar : C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
{724D43A0-0D85-11D4-9908-00400523E39A} = &RoboForm : C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CHotkey mHotkey.exe
EPSON Stylus C44 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
madeSafe Shield C:\Program Files\solarSoft\madeSafe\smsh1.exe
msnappau "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
FLMOFFICE4DMOUSE C:\Program Files\Browser MOUSE\mouse32a.exe
BigDogPath C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
EPSON Stylus Photo R220 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB003" /M "Stylus Photo R220"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
MoneyAgent "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
EPSON Stylus C44 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /M "Stylus C44"
IncrediMail C:\Program Files\IncrediMail\bin\IncMail.exe /c
RoboForm "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
ScanWithAntiVirus 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key Æ’ÃŽ Z…ÒiÂ
batesy
Regular Member
 
Posts: 17
Joined: June 5th, 2006, 6:29 am
Location: north east

Unread postby batesy » June 7th, 2006, 3:07 am

Its no wonder my computer is still running slow.
batesy
Regular Member
 
Posts: 17
Joined: June 5th, 2006, 6:29 am
Location: north east

Unread postby 'KotaGuy » June 7th, 2006, 3:25 am

Thanks for posting the logs.

Search for and delete these folders:

C:\Documents and Settings\All Users\Application Data\eggs wave spam dent
C:\Documents and Settings\micky\Application Data\Cash save ace
C:\Program Files\SexyBuddy

Search for and delete these files:

C:\Documents and Settings\stephanie bate\Application Data\dpusys.ini

Copy/paste the following quote box into a new notepad document.

dir "%WinDir%\tasks" /a h > files.txt
echo.>> files.txt
start files.txt


Save it to your Desktop as FindLOP.bat. Save it as File Type All Files. Double click FindLOP.bat and post the log it creates.

Thanks!
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby batesy » June 7th, 2006, 3:42 am

[quote="'KotaGuy"]

Search for and delete these folders:

C:\Documents and Settings\All Users\Application Data\eggs wave spam dent
C:\Documents and Settings\micky\Application Data\Cash save ace
C:\Program Files\SexyBuddy

Search for and delete these files:

C:\Documents and Settings\stephanie bate\Application Data\dpusys.ini



How do you search for them?

I clicked the start menu, then 'search', but its not finding them. Am i searching in the wrong place?
sorry to be a pain.
batesy
Regular Member
 
Posts: 17
Joined: June 5th, 2006, 6:29 am
Location: north east

Unread postby 'KotaGuy » June 7th, 2006, 3:48 am

Double click on My Computer. Then the C: drive. Then the Documents and Settings folder... etc. Keep opening the folders until you can see the ones I've hilited. Then delete them :)
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby batesy » June 7th, 2006, 3:58 am

Ok, i think ive done this right. -

Volume in drive C has no label.
Volume Serial Number is 94FC-F218

Directory of C:\WINDOWS\tasks

07/06/2006 02:25 <DIR> .
07/06/2006 02:25 <DIR> ..
29/08/2002 13:00 65 desktop.ini
07/06/2006 02:22 330 MP Scheduled Scan.job
06/06/2006 21:44 6 SA.DAT
07/06/2006 08:57 366 Symantec NetDetect.job
4 File(s) 767 bytes

Directory of C:\Documents and Settings\stephanie bate\Desktop
batesy
Regular Member
 
Posts: 17
Joined: June 5th, 2006, 6:29 am
Location: north east

Unread postby 'KotaGuy » June 7th, 2006, 4:10 am

OK... no LOP jobs are there... how is your computer behaving now?
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby batesy » June 7th, 2006, 4:14 am

I think it seems to be ok, internet explorer is running smoothly, and when i clicked on my email, it took me straight there practically, without much of a delay.
batesy
Regular Member
 
Posts: 17
Joined: June 5th, 2006, 6:29 am
Location: north east

Unread postby 'KotaGuy » June 7th, 2006, 4:28 am

OK... sounds like we got it beat!

Can I get you to do another WinPFind scan and another KAV scan and post the logs please.

Just want to make sure everything is taken care of.

I gotta head for bed now... 2:30am here :)

Will take a look at the logs when I get up.

Thanks!
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby batesy » June 7th, 2006, 6:14 am

It still shows up as 16 viruses and 38 infected??

here are the scans.....

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
qoologic 06/06/2006 22:53:38 204131 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 29/08/2002 13:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 23/05/2006 17:26:00 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 04/05/2006 05:26:22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04/05/2006 05:26:22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04/08/2004 08:56:36 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
PEC2 28/02/2002 20:42:54 13107200 C:\WINDOWS\SYSTEM32\oembios.bin
Umonitor 04/08/2004 08:56:44 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 29/08/2002 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 23/05/2006 17:25:52 285488 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
UPX! 04/06/2006 22:07:00 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 04/06/2006 22:07:00 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 04/06/2006 22:07:00 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 04/06/2006 22:07:00 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 04/08/2004 06:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
06/06/2006 21:44:14 S 2048 C:\WINDOWS\bootstat.dat
06/06/2006 21:45:14 H 54156 C:\WINDOWS\QTFont.qfn
06/06/2006 23:27:40 H 0 C:\WINDOWS\LastGood\INF\oem27.inf
06/06/2006 23:27:40 H 0 C:\WINDOWS\LastGood\INF\oem27.PNF
06/06/2006 21:48:26 H 237 C:\WINDOWS\system32\vsconfig.xml
23/05/2006 17:27:00 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
07/06/2006 09:07:58 H 1024 C:\WINDOWS\system32\config\default.LOG
07/06/2006 09:30:10 H 1024 C:\WINDOWS\system32\config\SAM.LOG
07/06/2006 07:44:58 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
07/06/2006 09:37:08 H 1024 C:\WINDOWS\system32\config\software.LOG
07/06/2006 09:36:34 H 1024 C:\WINDOWS\system32\config\system.LOG
07/06/2006 02:25:28 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
05/05/2006 08:15:38 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\22d91d50-4872-45fe-8016-5f4a3d91d342
05/05/2006 08:15:38 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
07/06/2006 02:22:24 H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
06/06/2006 21:44:20 H 6 C:\WINDOWS\Tasks\SA.DAT
06/06/2006 07:47:58 HS 113 C:\WINDOWS\temp\History\History.IE5\desktop.ini
06/06/2006 07:47:56 HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\desktop.ini
06/06/2006 07:47:56 HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\492FKX2V\desktop.ini
06/06/2006 07:47:56 HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\NVNGF9DO\desktop.ini
06/06/2006 07:47:56 HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\SRUTAH6H\desktop.ini
06/06/2006 07:47:56 HS 67 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\U9IT632V\desktop.ini

Checking for CPL files...
Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
Avance Logic, Inc. 30/06/2002 00:05:00 617984 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 04/08/2004 08:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04/08/2004 08:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04/08/2004 08:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04/08/2004 08:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04/08/2004 08:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04/08/2004 08:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04/08/2004 08:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03/05/2006 02:56:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 29/08/2002 13:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04/08/2004 08:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 29/08/2002 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04/08/2004 08:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04/08/2004 08:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 01/01/2003 02:18:00 139264 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 04/08/2004 08:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04/08/2004 08:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 03/10/2003 15:14:30 314880 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 04/08/2004 08:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 29/08/2002 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04/08/2004 08:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04/08/2004 08:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
NVIDIA Corporation 01/01/2003 02:18:00 139264 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\nvtuicpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
10/02/2006 10:02:06 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
19/10/2004 18:47:36 1684 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\blueyonder Instant Support Tool.lnk
10/05/2003 10:40:04 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
02/08/2003 17:48:32 1621 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 1.0.lnk
06/06/2006 21:45:28 1805 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eBay Toolbar.LNK
06/06/2006 21:38:54 1833 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
06/06/2006 21:41:04 1954 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
29/11/2005 17:02:16 763 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
29/11/2005 17:01:42 813 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
11/07/2003 23:00:20 1898 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk
04/05/2004 19:37:06 748 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/05/2003 11:31:10 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
10/05/2003 10:40:04 HS 84 C:\Documents and Settings\stephanie bate\Start Menu\Programs\Startup\desktop.ini
22/12/2005 17:45:24 1538 C:\Documents and Settings\stephanie bate\Start Menu\Programs\Startup\LimeWire On Startup.lnk

Checking files in %USERPROFILE%\Application Data folder...
10/02/2006 09:58:04 2783 C:\Documents and Settings\stephanie bate\Application Data\AdobeDLM.log
10/05/2003 11:31:10 HS 62 C:\Documents and Settings\stephanie bate\Application Data\desktop.ini
10/02/2006 09:58:02 0 C:\Documents and Settings\stephanie bate\Application Data\dm.ini
29/11/2005 17:13:26 284 C:\Documents and Settings\stephanie bate\Application Data\ViewerApp.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
VNIE5 RefIE5 = IEAK
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EPPShellEx
{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78} = C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShellEx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\PROGRA~1\INCRED~1\bin\ImShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{001F2570-5DF5-11d3-B991-00A0C9BB0874}
eBay Helper Object = C:\Program Files\eBay\eBay Toolbar\4.4.0.2\eBayBand.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}
= C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
ST = C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar3.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-gb\msntb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
EpsonToolBandKicker Class = C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-gb\msntb.dll
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = eBay Toolbar : C:\Program Files\eBay\eBay Toolbar\4.4.0.2\eBayBand.dll
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} = EPSON Web-To-Page : C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{724d43a0-0d85-11d4-9908-00400523e39a} = &RoboForm : C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F46}
ButtonText = Fill Forms :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{320AF880-6646-11D3-ABEE-C5DBF3571F49}
ButtonText = Save :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{724d43aa-0d85-11d4-9908-00400523e39a}
ButtonText = RoboForm :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92D7F210-7F20-11d3-8157-0090278B20DE}
ButtonText = eBay Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = Money Viewer :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = eBay Toolbar : C:\Program Files\eBay\eBay Toolbar\4.4.0.2\eBayBand.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar3.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-gb\msntb.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{71ED4FBA-4024-4BBE-91DC-9704C93F453E} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar3.dll
{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} = eBay Toolbar : C:\Program Files\eBay\eBay Toolbar\4.4.0.2\eBayBand.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-gb\msntb.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{FAA356E4-D317-42A6-AB41-A3021C6E7D52} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} = EPSON Web-To-Page : C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} = :
{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} = Need2Find Bar : C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
{724D43A0-0D85-11D4-9908-00400523E39A} = &RoboForm : C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CHotkey mHotkey.exe
EPSON Stylus C44 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
madeSafe Shield C:\Program Files\solarSoft\madeSafe\smsh1.exe
msnappau "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
FLMOFFICE4DMOUSE C:\Program Files\Browser MOUSE\mouse32a.exe
BigDogPath C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
EPSON Stylus Photo R220 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB003" /M "Stylus Photo R220"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
MoneyAgent "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
EPSON Stylus C44 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /M "Stylus C44"
IncrediMail C:\Program Files\IncrediMail\bin\IncMail.exe /c
RoboForm "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
ScanWithAntiVirus 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key Æ’ÃŽ Z…ÒiÂ
batesy
Regular Member
 
Posts: 17
Joined: June 5th, 2006, 6:29 am
Location: north east

Unread postby 'KotaGuy » June 7th, 2006, 2:12 pm

That looks better. The scanner is just detecting the stuff you've deleted and backups that have been created in System Restore... we'll get rid of those ;)

I'd have to say you computer is clean... good work! :thumbup:

So... empty your Recycle Bin... right click on it and choose Emtpy Recycle Bin. That will get rid of the baddies in there.

If you don't have them, download Ad-Aware and Spybot S&D. Visit this page for proper configuration of Spybot and Ad-Aware. Run and scan with both, letting them fix whatever they find. Remember to reboot between each scan.

Now that your computer is clean, its a good time to reset your System Restore point. This will get rid of the baddies that are in them and ensure a clean backup to fall upon if you ever need it. To do this:
  • Right-click My Computer, and then click Properties.
  • Click the System Restore tab.
  • Check the "Turn off System Restore" or "Turn off System Restore on all drives"

Reboot your computer, follow the steps above, this time unchecking the "Turn off System Restore" and reboot.

I recommend downloading and installing SpywareBlaster, SpywareGuard, and IE-SPYAD as well. The programs are free and can be updated... so please do so. Installing these will go a long way in preventing reinfection.

Check out these links How'd I get Infected and Understanding Spyware as well, some good information for you.

Other than that, remember to update Windows frequently, update your protection programs, scan often and...

Surf Safe!
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 64 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware