Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Viruses and malware reappear upon boot


Post by Bertha » May 20th, 2005, 4:20 pm

OK Barb,

Go to Add/Remove (via Control Panel) and uninstall, if present:

Incredimail

Now run HijackThis and check these entries:

O4 - HKLM\..\Run: [IncredimailDownloader] C:\WINDOWS\DOWNLO~1\imloader.exe

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/se ... loader.cab

With all other windows closed, click Fix.

Reboot.

Post a new log back here and tell me how things are.

Also do you use multiple user accounts on your computer?

Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Post by Barb » May 20th, 2005, 5:06 pm

Bertha, I do not use multiple user accounts on my computer.

I don't find Incredimail in the programs list, but I ran HijackThis, checked the 2 entries and then clicked Fix. After rebooting, I got this logfile:

Logfile of HijackThis v1.99.1
Scan saved at 1:47:32 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\ggviewer67-48.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PAPRPORT\FBDirect.exe
C:\PAPRPORT\pptd40nt.exe
C:\WINDOWS\LTSMMSG.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PAPRPORT\PPWebCap.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\sony\giga pocket\usbsircs.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Microsoft bCentral\PositionAgent\PA.exe
C:\Program Files\Sony\giga pocket\ReserveModule.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\Sony\GIGAPO~1\Sgpcom.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
H:\downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rushconsulting.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.rushconsulting.com"); (C:\Documents and Settings\Barbara Rush\Application Data\Mozilla\Profiles\default\lqjm55sk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Barbara Rush\Application Data\Mozilla\Profiles\default\lqjm55sk.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PP5300usb] C:\PAPRPORT\FBDirect.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\PAPRPORT\pptd40nt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [IndexSearch] C:\PAPRPORT\IndexSearch.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AutoProp] C:\PROGRA~1\MICROS~4\Office10\bots\fp_wmp\regprop.exe C:\PROGRA~1\MICROS~4\Office10\bots\fp_wmp\WMPaddin.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PAPRPORT\PPWebCap.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Shortcut to OUTLOOK.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: PositionAgent.lnk = C:\Program Files\Microsoft bCentral\PositionAgent\PA.exe
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\giga pocket\ReserveModule.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: {0075546E-5D3D-11D2-A3E5-0060971304D8} (WTX_Installer Class) - http://www.webtrends.com/Download/Brows ... _setup.dll
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://ciscdb.sel.sony.com/support/pops ... ioInfo.CAB
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_ ... ofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} (MMRadioHostX Class) - http://wwws.musicmatch.com/graphics/Web ... dio_Nt.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdcc ... onyctl.CAB
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (Application) (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

Then I ran Spybot, which found and fixed MagicControl.Agent and CasinoPopupStuff.
I then ran HijackThis, and here is the logfile. Is there a difference in the 2 logfiles?

Logfile of HijackThis v1.99.1
Scan saved at 1:58:40 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\ggviewer67-48.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PAPRPORT\FBDirect.exe
C:\PAPRPORT\pptd40nt.exe
C:\WINDOWS\LTSMMSG.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PAPRPORT\PPWebCap.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\sony\giga pocket\usbsircs.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Microsoft bCentral\PositionAgent\PA.exe
C:\Program Files\Sony\giga pocket\ReserveModule.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\Sony\GIGAPO~1\Sgpcom.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
H:\downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rushconsulting.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.rushconsulting.com"); (C:\Documents and Settings\Barbara Rush\Application Data\Mozilla\Profiles\default\lqjm55sk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Barbara Rush\Application Data\Mozilla\Profiles\default\lqjm55sk.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PP5300usb] C:\PAPRPORT\FBDirect.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\PAPRPORT\pptd40nt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [IndexSearch] C:\PAPRPORT\IndexSearch.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AutoProp] C:\PROGRA~1\MICROS~4\Office10\bots\fp_wmp\regprop.exe C:\PROGRA~1\MICROS~4\Office10\bots\fp_wmp\WMPaddin.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PAPRPORT\PPWebCap.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Shortcut to OUTLOOK.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: PositionAgent.lnk = C:\Program Files\Microsoft bCentral\PositionAgent\PA.exe
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\giga pocket\ReserveModule.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: {0075546E-5D3D-11D2-A3E5-0060971304D8} (WTX_Installer Class) - http://www.webtrends.com/Download/Brows ... _setup.dll
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://ciscdb.sel.sony.com/support/pops ... ioInfo.CAB
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_ ... ofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcg ... cgdmgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} (MMRadioHostX Class) - http://wwws.musicmatch.com/graphics/Web ... dio_Nt.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdcc ... onyctl.CAB
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (Application) (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

BTW, an Internet window just opened with the nuker.com site. It closed by itself after a couple of minutes while I was typing this.
Barb
Regular Member
 
Posts: 22
Joined: May 5th, 2005, 8:11 pm
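The comparison Barb asks for above ("Is there a difference in the 2 logfiles?") is easier to do programmatically than by eye when each log runs to 170 lines. What follows is an added example for this thread, not code from HijackThis, Spybot or the forum: a small Python parser for HijackThis-format logs that separates the running-process list from the numbered sections (R0, O4, O16, O23 and so on), diffs two scans, and flags entries using markers HijackThis itself prints, namely "(file missing)" and "Unknown owner". The two sample logs are constructed, abridged versions modelled on the ones posted above; the O16 download URL is a placeholder because the thread shows it truncated.

```python
"""Parse HijackThis-format logs, diff two scans, and flag stale or unattributed entries.
Added example for this thread; not code from HijackThis or from the forum."""
import re
from dataclasses import dataclass, field

# Section entries look like "O4 - HKLM\..\Run: [Name] path" or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.+)$")

# Constructed sample: state before the two Incredimail entries were fixed.
# The O16 URL is a placeholder (the thread shows it truncated).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:47:32 PM, on 5/20/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
H:\downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rushconsulting.com/
O4 - HKLM\..\Run: [IncredimailDownloader] C:\WINDOWS\DOWNLO~1\imloader.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://downloader.example.invalid/imloader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# Constructed sample: after Fix and reboot (notepad.exe is open for pasting the log).
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:58:40 PM, on 5/20/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
H:\downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rushconsulting.com/
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""


@dataclass
class HjtLog:
    processes: list = field(default_factory=list)  # lowercased: Windows paths are case-insensitive
    entries: dict = field(default_factory=dict)    # section code (e.g. "O4") -> list of entry bodies


def parse_hjt_log(text: str) -> HjtLog:
    """Split a HijackThis log into its running-process list and its numbered sections."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            log.processes.append(line.lower())
            continue
        m = ENTRY_RE.match(line)          # header lines ("Logfile of ...", "Scan saved ...") do not match
        if m:
            log.entries.setdefault(m.group(1), []).append(m.group(2))
    return log


def diff_logs(before: HjtLog, after: HjtLog) -> dict:
    """Entries and processes that disappeared or appeared between two scans."""
    def flat(log: HjtLog) -> set:
        return {f"{sec} - {body}" for sec, bodies in log.entries.items() for body in bodies}
    b_entries, a_entries = flat(before), flat(after)
    b_procs, a_procs = set(before.processes), set(after.processes)
    return {
        "removed_entries": sorted(b_entries - a_entries),
        "added_entries": sorted(a_entries - b_entries),
        "removed_processes": sorted(b_procs - a_procs),
        "added_processes": sorted(a_procs - b_procs),
    }


def flag_entries(log: HjtLog) -> list:
    """Entries worth a second look, based on markers HijackThis itself prints."""
    flagged = []
    for sec, bodies in log.entries.items():
        for body in bodies:
            if "(file missing)" in body:
                flagged.append((f"{sec} - {body}", "target file no longer exists; stale entry"))
            elif sec == "O23" and "Unknown owner" in body:
                flagged.append((f"{sec} - {body}", "service binary carries no publisher information"))
    return flagged


if __name__ == "__main__":
    before, after = parse_hjt_log(LOG_BEFORE), parse_hjt_log(LOG_AFTER)
    for key, items in diff_logs(before, after).items():
        print(f"{key}: {items if items else '(none)'}")
    for entry, reason in flag_entries(after):
        print(f"CHECK: {entry}\n    -> {reason}")
```

Running it on the two constructed logs reports the Incredimail O4 and O16 entries as removed and notepad.exe as the only new process, which is exactly the answer to Barb's question for the real logs above. The flag list is deliberately limited to what the log states on its face; a missing file or an absent publisher string is a reason to look closer, not proof of anything.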

Post by Bertha » May 22nd, 2005, 7:54 am

Hey Barb,

Sorry about the wait, I've been doing a little research.

I would like to see a SpyBot log.

Please do as follows.

This is how to get the complete report we need.

Open SpyBot, update, check for problems and fix everything found. On the toolbar menu select Mode and switch to Advanced mode; on the left, lower down, select Tools, and then View Report.

Ensure all the options near the bottom are selected except [ ] "Do not report disabled or known legitimate items", then select (near the top) View Report.

Press Export; in the "Save in" box choose a place such as your My Documents folder, then in your next post, near the bottom, select the "Browse" button, navigate to and attach that report.

Here's a helping hand if you are stuck:
http://net-integration.net/main/content/view/47/25/

Post the log back here.

Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Post by Barb » May 22nd, 2005, 1:31 pm

That darn nuker.com window just opened. This is after running Spybot and fixing.
Attached is the SpyBot report. No, I don't find a "Browse" button to do an attachment, so I'll copy the text here. I hope that's OK.


--- Search result list ---
MagicControl.Agent: User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-3009342548-954458941-1801271328-1005\Software\mc\SA

MagicControl.Agent: User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-3009342548-954458941-1801271328-1005\Software\LanConfig


--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-04-27 Includes\Dialer.sbi
2005-05-12 Includes\Hijackers.sbi
2005-04-15 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-05-11 Includes\Malware.sbi
2005-05-11 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-05-11 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-05-11 Includes\Trojans.sbi


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Microsoft SQL Server 2000 Service Pack 3 Updates to MDAC 2.7 SP1
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Windows Media Player: Windows Media Player Hotfix [See KB837272 for more information]
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB893066
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)


--- Startup entries list ---
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88107
MD5: 338879395df79b77565077f9c0727f7b

Located: HK_LM:Run, AOL Spyware Protection
command: "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
file: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
size: 79448
MD5: 747f55208a1508db7b91e0e1fe0ef23a

Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 496752
MD5: c470f57fb6c4b4df32d694ce0fd2b387

Located: HK_LM:Run, AutoProp
command: C:\PROGRA~1\MICROS~4\Office10\bots\fp_wmp\regprop.exe C:\PROGRA~1\MICROS~4\Office10\bots\fp_wmp\WMPaddin.dll
file: C:\PROGRA~1\MICROS~4\Office10\bots\fp_wmp\regprop.exe
size: 36864
MD5: 06a4c46a2856bd5e3a631a268d306e3b

Located: HK_LM:Run, ezShieldProtector for Px
command: C:\WINDOWS\System32\ezSP_Px.exe
file: C:\WINDOWS\System32\ezSP_Px.exe
size: 40960
MD5: 2849ed071a0d83406bda342aa767f24e

Located: HK_LM:Run, IndexSearch
command: C:\PAPRPORT\IndexSearch.exe
file: C:\PAPRPORT\IndexSearch.exe
size: 40960
MD5: 1e7903df8917d777492f174db8b39f52

Located: HK_LM:Run, InstantAccess
command: C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
file: C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
size: 30720
MD5: c61eebaf8ef308a03c94b81dd20ca322

Located: HK_LM:Run, LTSMMSG
command: LTSMMSG.exe
file: C:\WINDOWS\LTSMMSG.exe
size: 32768
MD5: 2d88d91f138512ff7e4aab66486ee051

Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 278528
MD5: c9a041d6e5211ca48aeba3ac1987d837

Located: HK_LM:Run, MCUpdateExe
command: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
file: C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
size: 180224
MD5: c7d0c96ad30cfafc37f621c75fad6252

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 323584
MD5: 99b4b415dd1be7325deda3b88df5938a

Located: HK_LM:Run, PaperPort PTD
command: C:\PAPRPORT\pptd40nt.exe
file: C:\PAPRPORT\pptd40nt.exe
size: 57393
MD5: f66581c91edfc0464457e2f0fdb65aff

Located: HK_LM:Run, PP5300usb
command: C:\PAPRPORT\FBDirect.exe
file: C:\PAPRPORT\FBDirect.exe
size: 226816
MD5: f7db84d61b8df0f708c0ed2e197609e1

Located: HK_LM:Run, Pure Networks Port Magic
command: "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
file: C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
size: 99480
MD5: ba99c608a075c44026720d5383f3d75b

Located: HK_LM:Run, QuickFinder Scheduler
command: "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
file: C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE
size: 77887
MD5: 5121b7bc599d22d26b939c95196f507c

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, RegisterDropHandler
command: C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
file: C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
size: 22528
MD5: 3e557819c975ae55c1b032304a426d6c

Located: HK_LM:Run, SiS KHooker
command: C:\WINDOWS\System32\khooker.exe

Located: HK_LM:Run, SiS Tray
command:

Located: HK_LM:Run, SiSUSBRG
command: C:\WINDOWS\SiSUSBrg.exe
file: C:\WINDOWS\SiSUSBrg.exe
size: 102400
MD5: 52ceb84ac83d8c7b0ac0c40a3b734d64

Located: HK_LM:Run, StorageGuard
command: "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
file: C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
size: 155648
MD5: 68c91658a3cb6773ec79c90cc0ee6bc1

Located: HK_LM:Run, THGuard
command: "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
file: C:\Program Files\TrojanHunter 4.2\THGuard.exe
size: 1089024
MD5: edb3dca0b1f57ac8d915c8ad0830b27c

Located: HK_LM:Run, THGuard
command: "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
file: C:\Program Files\TrojanHunter 4.2\THGuard.exe
size: 1089024
MD5: edb3dca0b1f57ac8d915c8ad0830b27c

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 3cf6bff887af6f733473d81a8921a5c5

Located: HK_LM:Run, VirusScan Online
command: "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
file: c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
size: 196608
MD5: 944982c9b57c8bcc58f4001a62cd503f

Located: HK_LM:Run, VSOCheckTask
command: "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
file: c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
size: 143360
MD5: d527afe3bed159802f84fee4118b995a

Located: HK_LM:RunServices, RegisterDropHandler
command: C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
file: C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
size: 22528
MD5: 3e557819c975ae55c1b032304a426d6c

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: HK_CU:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_CU:Run, PPWebCap
command: C:\PAPRPORT\PPWebCap.exe
file: C:\PAPRPORT\PPWebCap.exe
size: 94257
MD5: 6363883e4dd9e71c10e5f18ce2a4813b

Located: Startup (common), Acrobat Assistant.lnk
command: C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
file: C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
size: 82026
MD5: 21189b8f2d747b6981a54d5c5d554c8e

Located: Startup (common), Adobe Gamma Loader.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (common), America Online Tray Icon.lnk
command: C:\Program Files\America Online 9.0a\aoltray.exe
file: C:\Program Files\America Online 9.0a\aoltray.exe
size: 156784
MD5: d3e103e5b79a6e8ba5b58e0a7c21523b

Located: Startup (common), Giga Pocket Remocon Driver.lnk
command: C:\Program Files\sony\giga pocket\usbsircs.exe
file: C:\Program Files\sony\giga pocket\usbsircs.exe
size: 159744
MD5: 0dc08610250bea1f0a099375be6a3e8f

Located: Startup (common), Microsoft Broadband Networking.lnk
command: C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe
file: C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe
size: 25214
MD5: 5cb1648da7a10d5003b27c19434ff124

Located: Startup (common), PositionAgent.lnk
command: C:\Program Files\Microsoft bCentral\PositionAgent\PA.exe
file: C:\Program Files\Microsoft bCentral\PositionAgent\PA.exe
size: 131072
MD5: b94ecfe591f74e68ebbcce856a26d8ca

Located: Startup (common), Timer Recording Manager.lnk
command: C:\Program Files\Sony\giga pocket\ReserveModule.exe
file: C:\Program Files\Sony\giga pocket\ReserveModule.exe
size: 233472
MD5: e5f45ac1a2cec72fc4da33b59581e40c

Located: Startup (common), VAIO Action Setup (Server).lnk
command: C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
file: C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
size: 40960
MD5: aa01ad8d6c16bcbf0d89b93ecd72f68d

Located: Startup (user), Shortcut to OUTLOOK.lnk
command: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
file: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
size: 196296
MD5: edb2d35ef459fa287d02206602301e91



--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 5/12/2004 1:03:00 AM
Date (last access): 5/22/2005 9:16:16 AM
Date (last write): 5/12/2004 1:03:00 AM
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

Yahoo! Chat (Yahoo! Chat)
DPF name: Yahoo! Chat
CLSID name:

{0075546E-5D3D-11D2-A3E5-0060971304D8} (WTX_Installer Class)
DPF name:
CLSID name: WTX_Installer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: wtx_setup.dll
Short name: WTX_SE~1.DLL
Date (created): 8/18/2003 12:15:00 PM
Date (last access): 5/22/2005 9:25:06 AM
Date (last write): 8/18/2003 12:15:00 PM
Filesize: 55800
Attributes: archive
MD5: A08DCED7C8D4950D968B63C0A55DB95D
CRC32: 4A991FB2
Version: 0.3.0.0

{02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass)
DPF name:
CLSID name: VaioInfo.CMClass
Path: C:\WINDOWS\Downloaded Program Files\
Long name: VaioInfo.dll
Short name:
Date (created): 10/27/2004 1:06:30 PM
Date (last access): 5/22/2005 9:25:06 AM
Date (last write): 10/27/2004 1:06:30 PM
Filesize: 49152
Attributes: archive
MD5: 48A6D73627BED4C463FEBA338D8E13A5
CRC32: 01620329
Version: 0.2.0.2

{0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class)
DPF name:
CLSID name: BrowseFolderPopup Class
description: McAfee
classification: Legitimate
known filename: MGBRWFLD.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\MCBin\Shared\
Long name: MGBrwFld.dll
Short name:
Date (created): 11/19/1999 8:06:54 PM
Date (last access): 5/20/2005 5:42:06 PM
Date (last write): 11/19/1999 8:06:54 PM
Filesize: 94208
Attributes: archive
MD5: BE3CA757FB644CDF0A3CC0F6BCDF3803
CRC32: E67A73A4
Version: 0.1.0.0

{11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control)
DPF name:
CLSID name: iPIX ActiveX Control
description: iPIX ActiveX Control
classification: Unknown
known filename: ipixx.ocx
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: ipixx.ocx
Short name:
Date (created): 6/2/2000 12:29:42 PM
Date (last access): 5/20/2005 5:42:06 PM
Date (last write): 6/2/2000 12:29:42 PM
Filesize: 102912
Attributes: archive
MD5: FF183CADA1ED933276B169E304E88910
CRC32: E85AE186
Version: 0.6.0.2

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 1/14/2003 7:52:40 PM
Date (last access): 5/20/2005 5:42:08 PM
Date (last write): 1/9/2002 3:28:02 AM
Filesize: 32768
Attributes: archive
MD5: 92FA0AE21D3A08B65D291724AA7D0E43
CRC32: 7B63A9DB
Version: 0.8.0.5

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 1/28/2005 3:38:00 PM
Date (last access): 5/18/2005 8:18:02 PM
Date (last write): 1/28/2005 3:38:00 PM
Filesize: 421128
Attributes: archive
MD5: C3C3864DA698F0CC1BE56F9695534DD8
CRC32: C0FC216A
Version: 0.1.0.0

{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class)
DPF name:
CLSID name: MSSecurityAdvisor Class
Path: C:\WINDOWS\System32\
Long name: mssecadv.dll
Short name:
Date (created): 9/8/2003 12:30:46 PM
Date (last access): 5/16/2005 2:14:06 PM
Date (last write): 9/8/2003 12:30:46 PM
Filesize: 36960
Attributes: archive
MD5: A4282FD762CE1C4FFA665538E335CFF0
CRC32: 51ECFB75
Version: 0.5.0.4

{2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing)
DPF name:
CLSID name: Yahoo! Audio Conferencing
description: Yahoo Audio Conferencing
classification: Legitimate
known filename: YACSCOM.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: yacscom.dll
Short name:
Date (created): 5/27/2003 7:24:20 PM
Date (last access): 5/22/2005 9:25:06 AM
Date (last write): 5/27/2003 7:24:20 PM
Filesize: 233472
Attributes: archive
MD5: B9B01094F1E7A2B9EF2A74F9D8A7D464
CRC32: 313C98A6
Version: 0.1.0.0

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 4/27/2005 9:43:34 AM
Date (last access): 5/22/2005 9:25:04 AM
Date (last write): 4/27/2005 9:43:34 AM
Filesize: 202352
Attributes: archive
MD5: DED7B2F31D562643DAFD67F304813CB8
CRC32: 2921D0E7
Version: 7.212.0.12

{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 8/27/2003 5:10:30 AM
Date (last access): 5/22/2005 9:26:02 AM
Date (last write): 8/27/2003 5:10:30 AM
Filesize: 314368
Attributes: archive
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 0.11.0.0

{41F17733-B041-4099-A042-B518BB6A408C} ()
DPF name:
CLSID name:

{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class)
DPF name:
CLSID name: QDiagAOLCCUpdateObj Class
Path: C:\WINDOWS\System32\
Long name: qdiagcc.ocx
Short name:
Date (created): 2/23/2004 10:58:20 AM
Date (last access): 5/8/2005 3:47:16 PM
Date (last write): 2/23/2004 10:58:20 AM
Filesize: 1003520
Attributes: archive
MD5: 8B6C90078C00352FFC6F78BE1E4891DE
CRC32: 896B9758
Version: 0.1.0.0

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
DPF name:
CLSID name: McAfee.com Operating System Class
Path: C:\WINDOWS\system32\
Long name: mcinsctl.dll
Short name:
Date (created): 8/5/2003 12:01:28 PM
Date (last access): 5/22/2005 9:16:18 AM
Date (last write): 3/7/2005 3:05:30 PM
Filesize: 341568
Attributes: archive
MD5: E87BA172619E82572106B008BB494B38
CRC32: 96945A8E
Version: 0.4.0.0

{597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class)
DPF name:
CLSID name: OPUCatalog Class
Path: C:\WINDOWS\System32\
Long name: opuc.dll
Short name:
Date (created): 4/3/2003 4:48:58 PM
Date (last access): 5/16/2005 2:14:20 PM
Date (last write): 4/3/2003 4:48:58 PM
Filesize: 180496
Attributes: archive
MD5: 81FBAD247E1A8C38BD5937578748C248
CRC32: 9A0F00AB
Version: 0.10.0.0

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 4/27/2005 9:43:46 AM
Date (last access): 5/22/2005 9:25:06 AM
Date (last write): 4/27/2005 9:43:46 AM
Filesize: 161432
Attributes: archive
MD5: 2E5FCBD80A006132A302E2B3C5ED653E
CRC32: 4A61625E
Version: 7.212.0.6

{6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class)
DPF name:
CLSID name: Ofoto Upload Manager Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: axofupld.dll
Short name:
Date (created): 11/5/2003 12:24:56 AM
Date (last access): 5/22/2005 9:25:04 AM
Date (last write): 11/5/2003 12:24:56 AM
Filesize: 196694
Attributes: archive
MD5: 709AA5EE6325C0D2F3F5C82F90635C25
CRC32: 667A9090
Version: 0.1.0.0

{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan53.ocx
Short name:
Date (created): 3/24/2004 6:22:12 PM
Date (last access): 5/8/2005 4:03:30 PM
Date (last write): 3/24/2004 6:22:12 PM
Filesize: 435712
Attributes: archive
MD5: 99A67AEE9A6E3EFD2126AFA0840ECBED
CRC32: 9198FA39
Version: 0.5.0.70

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02)
DPF name: Java Runtime Environment 1.4.1_02
CLSID name: Java Plug-in 1.4.1_02
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.1_02\bin\
Long name: NPJPI141_02.dll
Short name: NPJPI1~1.DLL
Date (created): 9/18/2003 10:45:06 PM
Date (last access): 5/8/2005 3:23:14 PM
Date (last write): 2/20/2003 4:42:34 PM
Filesize: 61553
Attributes: archive
MD5: E4EFF4ADF1367AA79815A9061E64C0D9
CRC32: A0446F8E
Version: 0.1.0.4

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
DPF name:
CLSID name: DwnldGroupMgr Class
Path: C:\WINDOWS\system32\
Long name: McGDMgr.dll
Short name:
Date (created): 8/7/2003 8:41:22 PM
Date (last access): 5/22/2005 9:16:18 AM
Date (last write): 2/15/2005 11:34:18 AM
Filesize: 277616
Attributes: archive
MD5: 1D9A1D29A60BFB9B92E36E17F0D951E5
CRC32: EEB52960
Version: 0.1.0.0

{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02)
DPF name: Java Runtime Environment 1.4.1_02
CLSID name: Java Plug-in 1.4.1_02
Path: C:\Program Files\Java\j2re1.4.1_02\bin\
Long name: NPJPI141_02.dll
Short name: NPJPI1~1.DLL
Date (created): 9/18/2003 10:45:06 PM
Date (last access): 5/22/2005 10:24:12 AM
Date (last write): 2/20/2003 4:42:34 PM
Filesize: 61553
Attributes: archive
MD5: E4EFF4ADF1367AA79815A9061E64C0D9
CRC32: A0446F8E
Version: 0.1.0.4

{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class)
DPF name:
CLSID name: Live365Player Class
Path: C:\WINDOWS\DOWNLO~1\
Long name: Play365.dll
Short name:
Date (created): 6/6/2003 7:06:56 PM
Date (last access): 5/22/2005 9:25:04 AM
Date (last write): 6/6/2003 7:06:56 PM
Filesize: 335872
Attributes: archive
MD5: 02D3243B77F6C3EFBF67AAD62C26B443
CRC32: FA8AB3C6
Version: 0.1.0.0

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 6/9/2004 3:59:26 PM
Date (last access): 5/21/2005 1:24:28 PM
Date (last write): 6/9/2004 3:59:26 PM
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 0.7.0.0

{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class)
DPF name:
CLSID name: iTunesDetector Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ITDetector.ocx
Short name: ITDETE~1.OCX
Date (created): 2/3/2004 10:26:38 AM
Date (last access): 5/20/2005 5:42:28 PM
Date (last write): 2/3/2004 10:26:38 AM
Filesize: 49152
Attributes: archive
MD5: C45D0B763A601B1EEF0573F99F1DD732
CRC32: 09E2233A
Version: 0.2.0.0

{D81CA86B-EF63-42AF-BEE3-4502D9A03C2D} (MMRadioHostX Class)
DPF name:
CLSID name: MMRadioHostX Class

{DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control)
DPF name:
CLSID name: Microsoft Office Tools on the Web Control
Path: C:\WINDOWS\Downloaded Program Files\
Long name: OUTC.DLL
Short name:
Date (created): 3/13/2003 12:04:06 PM
Date (last access): 5/22/2005 9:25:04 AM
Date (last write): 3/13/2003 12:04:06 PM
Filesize: 45720
Attributes: archive
MD5: 45DE1052FE8AA3D8507FD5A6343420E0
CRC32: 41AA4F0C
Version: 0.1.0.3

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
DPF name:
CLSID name: McFreeScan Class
Path: C:\WINDOWS\McAfee.com\FreeScan\
Long name: mcfscan.dll
Short name:
Date (created): 1/22/2003 10:04:38 AM
Date (last access): 5/20/2005 5:42:30 PM
Date (last write): 1/22/2003 10:04:38 AM
Filesize: 86016
Attributes: archive
MD5: 3C88E39B1DFD31FD591907DD13393E89
CRC32: 23B8F415
Version: 0.1.0.4

{FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm)
DPF name:
CLSID name: sonyctl.sonycm
Path: C:\WINDOWS\Downloaded Program Files\
Long name: sonyctl.dll
Short name:
Date (created): 9/20/2001 1:40:38 PM
Date (last access): 5/22/2005 9:25:06 AM
Date (last write): 9/20/2001 1:40:38 PM
Filesize: 32768
Attributes: archive
MD5: 70E2F85BD910C720C5FE1D81B9FBF850
CRC32: F5955C0C
Version: 0.4.0.0



--- Process list ---
Spybot - Search && Destroy process list report, 5/22/2005 10:24:11 AM

PID: 0 ( 0) [System]
PID: 4 ( 0) system
PID: 148 ( 456) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
PID: 188 ( 996) C:\Program Files\Microsoft bCentral\PositionAgent\PA.exe
PID: 216 ( 456) C:\WINDOWS\System32\drivers\CDAC11BA.EXE
PID: 280 ( 996) C:\Program Files\Sony\giga pocket\ReserveModule.exe
PID: 328 ( 996) C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
PID: 332 ( 456) c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
PID: 336 ( 4) \SystemRoot\System32\smss.exe
PID: 388 ( 336) \??\C:\WINDOWS\system32\csrss.exe
PID: 412 ( 336) \??\C:\WINDOWS\system32\winlogon.exe
PID: 456 ( 412) C:\WINDOWS\system32\services.exe
PID: 468 ( 412) C:\WINDOWS\system32\lsass.exe
PID: 472 ( 456) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 576 ( 608) C:\WINDOWS\System32\wbem\wmiprvse.exe
PID: 608 ( 456) C:\WINDOWS\system32\svchost.exe
PID: 668 ( 456) C:\WINDOWS\system32\svchost.exe
PID: 708 ( 456) C:\WINDOWS\System32\svchost.exe
PID: 756 ( 456) C:\WINDOWS\System32\svchost.exe
PID: 780 ( 456) C:\WINDOWS\System32\svchost.exe
PID: 796 ( 456) C:\WINDOWS\System32\svchost.exe
PID: 996 ( 972) C:\WINDOWS\Explorer.EXE
PID: 1080 ( 456) C:\WINDOWS\system32\spoolsv.exe
PID: 1180 ( 996) C:\Program Files\Google\ggviewer67-48.exe
PID: 1200 ( 996) C:\PROGRA~1\mcafee.com\agent\mcagent.exe
PID: 1256 ( 996) C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
PID: 1284 ( 708) C:\WINDOWS\system32\wuauclt.exe
PID: 1288 ( 996) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 1360 (1256) c:\progra~1\mcafee.com\vso\mcvsescn.exe
PID: 1432 ( 996) C:\PAPRPORT\FBDirect.exe
PID: 1440 ( 996) C:\PAPRPORT\pptd40nt.exe
PID: 1492 ( 996) C:\WINDOWS\LTSMMSG.exe
PID: 1500 ( 996) C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
PID: 1524 ( 996) C:\WINDOWS\System32\ezSP_Px.exe
PID: 1564 ( 996) C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PID: 1572 ( 996) C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
PID: 1584 ( 996) C:\WINDOWS\AGRSMMSG.exe
PID: 1592 ( 996) thguard.exe
PID: 1652 ( 996) C:\WINDOWS\system32\ctfmon.exe
PID: 1660 ( 996) C:\PAPRPORT\PPWebCap.exe
PID: 1672 ( 996) C:\WINDOWS\system32\RUNDLL32.EXE
PID: 1680 ( 996) C:\Program Files\Messenger\msmsgs.exe
PID: 1704 ( 996) C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe
PID: 1732 ( 996) C:\Program Files\America Online 9.0a\aoltray.exe
PID: 1744 ( 996) C:\Program Files\sony\giga pocket\usbsircs.exe
PID: 1808 ( 280) C:\Program Files\sony\giga pocket\gps.exe
PID: 1932 ( 608) c:\progra~1\mcafee.com\vso\mcvsftsn.exe
PID: 2024 ( 996) C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
PID: 2112 ( 608) C:\PROGRA~1\Sony\GIGAPO~1\Sgpcom.exe
PID: 2124 ( 456) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
PID: 2220 ( 456) C:\WINDOWS\System32\nvsvc32.exe
PID: 2276 ( 456) C:\WINDOWS\System32\svchost.exe
PID: 2344 ( 456) C:\WINDOWS\system32\wdfmgr.exe
PID: 2384 ( 456) C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
PID: 2472 ( 456) C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
PID: 2504 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
PID: 2528 ( 456) C:\Program Files\Sony\giga pocket\GPVSvr.exe
PID: 2612 ( 456) C:\WINDOWS\system32\fxssvc.exe
PID: 2640 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
PID: 2676 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
PID: 2728 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
PID: 2772 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
PID: 2820 ( 456) C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
PID: 3316 ( 456) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
PID: 3580 ( 996) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 3692 ( 456) C:\WINDOWS\System32\alg.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 5/22/2005 10:24:11 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.rushconsulting.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.sony.com/vaiopeople
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD nwlnkipx [IPX]
GUID: {11058240-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkipx *

Protocol 6: MSAFD nwlnkspx [SPX]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 7: MSAFD nwlnkspx [SPX] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 8: MSAFD nwlnkspx [SPX II]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 9: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 10: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3BBF674C-1113-41D3-B7DF-E12A5AB9EF53}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB458613-4778-4C16-92F4-0450C437C848}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{74046427-157B-460E-8CF1-35C9520B9896}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*
Barb
Regular Member
 
Posts: 22
Joined: May 5th, 2005, 8:11 pm

Unread postby Bertha » May 23rd, 2005, 12:35 pm

Hey Barb,

sorry about the wait, please do as follows:

Download scanbat2.zip to your desktop
http://forums.net-integration.net/index ... &id=147202
Extract/unzip the files inside also to the desktop, open the folder find and run the batch file, (SCAN.BAT) and post the contents of the text that will open.

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Unread postby Barb » May 23rd, 2005, 2:00 pm

The link gives a 404 page not found message. I looked around on the main site and can't find the file.
Barb
Regular Member
 
Posts: 22
Joined: May 5th, 2005, 8:11 pm

Unread postby Bertha » May 23rd, 2005, 2:08 pm

Hey Barb,

Sorry about the link, let me try and find you another one :)

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Unread postby Bertha » May 23rd, 2005, 2:38 pm

Hey Barb,

Ok try this link for me - http://forums.net-integration.net/index ... 0721&st=0&

That takes you to another forum topic.

Now scroll down the forum to the 6th reply; it's by LonnyRJones, and it says this:

Hi, Thanks

Download scanbat2.zip to your desktop
http://forums.net-integration.net/index ... &id=147202
Extract/unzip the files inside also to the desktop, open the folder find and run the batch file, (SCAN.BAT) and post the contents of the text that will open.


When you see his reply click on the link he gives for the "ScanBat" file and download it from there

Do as I advised in my previous post and then post the results back here for me to see

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

scanbat2 log

Unread postby Barb » May 23rd, 2005, 3:34 pm

A browser window just now opened that goes to ~http://www.fairpoker.com

»»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MCUpdateExe SZ C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MCAgentExe SZ c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VSOCheckTask SZ "c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe" /checktask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VirusScan Online SZ "c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TkBellExe SZ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StorageGuard SZ "C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe" /r
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SiSUSBRG SZ C:\\WINDOWS\\SiSUSBrg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SiS Tray SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SiS KHooker SZ C:\\WINDOWS\\System32\\khooker.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegisterDropHandler SZ C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QuickTime Task SZ "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QuickFinder Scheduler SZ "C:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\QFSCHD100.EXE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pure Networks Port Magic SZ "C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe" -Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PP5300usb SZ C:\\PAPRPORT\\FBDirect.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PaperPort PTD SZ C:\\PAPRPORT\\pptd40nt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwiz SZ nwiz.exe /install
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon SZ RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LTSMMSG SZ LTSMMSG.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InstantAccess SZ C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\INSTAN~1.EXE /h
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IndexSearch SZ C:\\PAPRPORT\\IndexSearch.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezShieldProtector for Px SZ C:\\WINDOWS\\System32\\ezSP_Px.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutoProp SZ C:\\PROGRA~1\\MICROS~4\\Office10\\bots\\fp_wmp\\regprop.exe C:\\PROGRA~1\\MICROS~4\\Office10\\bots\\fp_wmp\\WMPaddin.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AOLDialer SZ C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AOL Spyware Protection SZ "C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AGRSMMSG SZ AGRSMMSG.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\THGuard SZ "C:\\Program Files\\TrojanHunter 4.2\\THGuard.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thebzp SZ c:\\windows\\system32\\thebzp.exe -start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ NONE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL\Installed SZ 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI\NoChange SZ 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI\Installed SZ 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS\Installed SZ 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe SZ C:\\WINDOWS\\system32\\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PPWebCap SZ C:\\PAPRPORT\\PPWebCap.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter SZ RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS SZ "C:\\Program Files\\Messenger\\msmsgs.exe" /background
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\RegisterDropHandler SZ C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ NONE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ NONE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ NONE


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ NONE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ NONE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ NONE
Barb
Regular Member
 
Posts: 22
Joined: May 5th, 2005, 8:11 pm

Unread postby Bertha » May 24th, 2005, 5:30 am

Hey barb,

Ok, let's fix the registry entries now that seem to be causing the problems:

Launch Notepad (not wordpad), and copy and paste the Quote Box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thebzp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"thebzp"=-


Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Ok, let's use Killbox to remove the file/folder that is being so stubborn:

Download Pocket Killbox here - http://www.malwareremoval.com/downloads.html

Now take a look at this post as it will guide you through the installation process as well as the removal process in case you get confused:

http://www.malwareremoval.com/forum/viewtopic.php?t=320

Once you have installed Killbox we need to begin to delete the file folder:

If you look at the topic above this is what we are going to do (so read this part):

How to use KILLBOX to delete a file - Delete on reboot kill

ChrisRLG

Open Killbox and check a mark in the "RadioBox" which says "Delete On Reboot"

Under "Full Path or File to Delete" copy and paste this entry below:

c:\\windows\\system32\\thebzp.exe

After you have added the above entry and it asks if you wish to restart CLICK YES and the computer will restart

After a reboot

Now run SpyBot again fixing all the MagicControl entries

Tell me how things are running now

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Ta da!

Unread postby Barb » May 24th, 2005, 3:32 pm

On first inspection, I SEEM TO BE CLEAN!
I'll continue to look over my shoulder for awhile. This has been grueling. Thank you so much for sticking it out!
Barb
Regular Member
 
Posts: 22
Joined: May 5th, 2005, 8:11 pm

Unread postby Bertha » May 25th, 2005, 5:42 am

Hey Barb,

I need you to redo this part of the fix for me, as I missed a simple part of the Regedit out

Launch Notepad (not wordpad), and copy and paste the Quote Box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thebzp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"thebzp"=-


Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Reboot

Are you having any problems now?

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands

Unread postby Barb » May 25th, 2005, 2:43 pm

Everything seems to be working fine now. I haven't been pestered by MagicControl or Casinos since we used fixme.reg. Wish me luck and thanks again for all your help.
-Barb
Barb
Regular Member
 
Posts: 22
Joined: May 5th, 2005, 8:11 pm

Unread postby Bertha » May 25th, 2005, 2:51 pm

Hey Barb,

This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :-

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re-enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above
  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an Anti Virus Software - It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  4. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  5. Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would with anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

(ChrisRLG)

Bertha
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands
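The two fixme.reg files Bertha posted differ by one character, and that character is the whole point of the correction: in .reg syntax a header `[Key]` creates the key if it does not exist, `[-Key]` deletes the key and everything under it, and `"name"=-` deletes a single value. A registry export of the Internet Explorer security zone uses the same syntax, so one small parser covers both the key-deletion point from those posts and the Custom Level checklist in step 2 of this one. The following is an added example written for this thread, not code from MalwareRemoval.com, ChrisRLG or any tool named here: it parses a .reg file into the actions merging it would perform, reports what each version of fixme.reg does to the `thebzp` Run entry, and audits a constructed Internet-zone export against the six settings listed in step 2. The numeric action IDs (1001, 1004, 1201, 1607, 1800, 1804 under `Zones\3`) and the 0/1/3 meanings for Enable/Prompt/Disable are taken from Microsoft's documentation of the Internet Settings registry entries; treat that mapping as an assumption to verify on the build you audit. The zone export and the file name `reg_review.py` are constructed for the example.

```python
"""reg_review.py: review a Windows .reg file before merging it.

Added example for this thread; not code from MalwareRemoval.com, ChrisRLG or
any tool the posts name. The two fixme.reg texts are the ones Bertha posted;
the Internet-zone export is constructed sample data.
"""
import re
from typing import Dict, List, Optional, Tuple

Action = Tuple[str, ...]

_SECTION_RE = re.compile(r"^\[(-?)(.+)\]\s*$")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def parse_reg(text: str) -> List[Action]:
    """Parse REGEDIT4 / 'Windows Registry Editor Version 5.00' text into actions:
    ("create_key", key), ("delete_key", key), ("delete_value", key, name),
    ("set_value", key, name, type, value)."""
    actions: List[Action] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (not line or line.startswith(";") or line.upper() == "REGEDIT4"
                or line.startswith("Windows Registry Editor")):
            continue
        m = _SECTION_RE.match(line)
        if m:
            minus, key = m.group(1), m.group(2)
            if minus:                      # [-Key]: delete the key and its subtree
                actions.append(("delete_key", key))
                key = None                 # values after a deleted key are meaningless
            else:                          # [Key]: created if it does not exist yet
                actions.append(("create_key", key))
            continue
        m = _VALUE_RE.match(line)
        if m and key is not None:
            name = m.group(1) if m.group(1) is not None else ""   # "" = (Default)
            rhs = m.group(2).strip()
            if rhs == "-":                 # "name"=- deletes just that value
                actions.append(("delete_value", key, name))
            elif rhs.lower().startswith("dword:"):
                actions.append(("set_value", key, name, "REG_DWORD", str(int(rhs[6:], 16))))
            elif rhs.startswith('"') and rhs.endswith('"'):
                actions.append(("set_value", key, name, "REG_SZ", rhs[1:-1]))
            else:
                actions.append(("set_value", key, name, "OTHER", rhs))
    return actions


RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def review_run_fix(reg_text: str, name: str) -> Dict[str, bool]:
    """What does the .reg do to the Run value `name` and to a same-named subkey?"""
    acts = parse_reg(reg_text)
    subkey = RUN_KEY + "\\" + name
    return {
        "value_deleted": ("delete_value", RUN_KEY, name) in acts,
        "subkey_deleted": ("delete_key", subkey) in acts,
        "subkey_created": ("create_key", subkey) in acts,
    }


INTERNET_ZONE = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                 r"\Internet Settings\Zones\3")
ENABLE, PROMPT, DISABLE = 0, 1, 3       # DWORD meanings of zone action values
# Action IDs for the six checklist settings, per Microsoft's documentation of the
# Internet Settings registry entries. Assumption: the audited build uses the same IDs.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def audit_internet_zone(export_text: str) -> Dict[str, Tuple[str, Optional[int], int]]:
    """Return {id: (label, current, recommended)} for each checklist setting that is
    missing from the export or more permissive than the checklist (0 < 1 < 3)."""
    current: Dict[str, int] = {}
    for a in parse_reg(export_text):
        if a[0] == "set_value" and a[1].lower() == INTERNET_ZONE.lower() and a[3] == "REG_DWORD":
            current[a[2]] = int(a[4])
    findings: Dict[str, Tuple[str, Optional[int], int]] = {}
    for vid, (label, want) in RECOMMENDED.items():
        have = current.get(vid)
        if have is None or have < want:
            findings[vid] = (label, have, want)
    return findings


# Bertha's first fixme.reg: the header without "-" only creates an empty subkey.
FIXME_V1 = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thebzp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"thebzp"=-
"""

# Bertha's corrected fixme.reg: "[-Key]" deletes the subkey as well.
FIXME_V2 = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thebzp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"thebzp"=-
"""

# Constructed Internet-zone export (not from the thread): 1004 and 1201 are weaker
# than the checklist asks for.
ZONE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000001
"1607"=dword:00000001
"1800"=dword:00000001
"1804"=dword:00000001
"""

if __name__ == "__main__":
    print("first fixme.reg:    ", review_run_fix(FIXME_V1, "thebzp"))
    print("corrected fixme.reg:", review_run_fix(FIXME_V2, "thebzp"))
    for vid, (label, have, want) in audit_internet_zone(ZONE_EXPORT).items():
        print(f"zone action {vid} ({label}): current={have}, recommended={want}")
```

Run as `python reg_review.py`. The review of the first file shows `subkey_created` but not `subkey_deleted`, which is exactly the mistake Bertha corrected; the value deletion `"thebzp"=-` is present in both. Reading a forum-supplied .reg this way before double-clicking it tells you precisely which keys and values will be removed, and an export of `Zones\3` run through the audit shows which Custom Level settings still need changing.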

Unread postby ChrisRLG » June 1st, 2005, 4:34 pm

Glad we could be of assistance.

This topic is now closed. If you wish it
reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK