Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virus burster removal

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Andy at Hull

Unread postby Dave7312 » November 15th, 2006, 12:17 pm

This is the rapport text file that you asked for?
SmitFraudFix v2.120

Scan done at 10:14:29.51, 13/11/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\impgsje.dll FOUND !
C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Safety Bar\ FOUND !
C:\Program Files\X Password Manager\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

I have followed your instructions from showing hidden files to the end of that post
and the following results


lts
The VsAddin or Vs toolbar refuses to be deleted
The safety bar creates a message that it has already been removed I took the option to remove from the list.
In the C:\ Program files the VSAdd-in Delete
The Safety bar not listed
C:\windows qjqvuaem.dll and rszhlli.dll and winjvd32.dlll not present
Following the AVG scan there were no reports
On rebooting in normal mode the message 'update.exe
unable to locate because system dllwas not found appeared
The google tool bar is still being usurped by one which is not in the list
Ylu have susequently ssent a further posting which I will attend to asap
Dave7312
Regular Member
 
Posts: 25
Joined: November 9th, 2006, 6:46 am
Advertisement
Register to Remove

Unread postby Navigator » November 15th, 2006, 1:55 pm

Alright...let's take a break for a moment, as we are getting crossed up in our replies. For right now I don't want you to do anything else except what I tell you below. I am having GREAT difficulty figuring out what the results are of the steps you are taking because I haven't been given any reports. Since I am not standing over your shoulder, without seeing these logs/reports I am kind of 'blind' here. You haven't been able to produce an HJT uninstall list, a smitfraudfix log or an AVG/Ewido report for me to see.

Please answer each of the questions below for me:

The Smitfraudfix log you posted is still the option 1 - scan for smitfraud files/entries log, not the option 2 - results of cleaning log which would be located at C:\rapport.txt on your computer IF YOU RAN THE OPTION 2 FIX IN SAFE MODE.

1. Did you run the smitfraudfix - option 2 in safe mode as instructed earlier?

2. Do you know how to find this file on your computer: C:\rapport.txt, open it and copy/paste the results here?

3. If you set up AVG/Ewido as I instructed, it should have produced a report. By default, the scan report is saved to a report sub-folder within the AVG Anti-Spyware 7.5 folder: C:\Program Files\AVG Anti-Spyware 7.5\Reports\{report name}. Do you know how to navigate to this folder on your computer and find the report?

For the time being, answer the three questions above and post a new HJT log now so I can look at it, and then we'll go on from there.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Andy and Navigator

Unread postby Dave7312 » November 17th, 2006, 6:41 am

Is this the file?
SmitFraudFix v2.120

Scan done at 9:53:37.54, 14/11/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Dave7312
Regular Member
 
Posts: 25
Joined: November 9th, 2006, 6:46 am

Andy and Navigator

Unread postby Dave7312 » November 17th, 2006, 6:50 am

There is no Avg antispyware report on the computer
As I indicated in my previous reply, when the scan had finished the pane came up greyed out with the words 'no report' in the middle of it.
Dave7312
Regular Member
 
Posts: 25
Joined: November 9th, 2006, 6:46 am

Andy and Navigator

Unread postby Dave7312 » November 17th, 2006, 6:52 am

Shall I run the smitfaud test again?
Dave7312
Regular Member
 
Posts: 25
Joined: November 9th, 2006, 6:46 am

Andy and Navigator

Unread postby Dave7312 » November 17th, 2006, 7:51 am

I have had a trawl through the computer and have found this file tucked away.
Is it the log file of the Avg that you were looking for?
synchronize database and filecache
application start was blocked because of several instances
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
application start was blocked because of several instances
synchronize database and filecache
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
application start was blocked because of several instances
synchronize database and filecache
Dave7312
Regular Member
 
Posts: 25
Joined: November 9th, 2006, 6:46 am

Unread postby Navigator » November 17th, 2006, 12:44 pm

OK dave....good! That was the smitfraudfix file I needed. That's not the AVG/Ewido scan result, but that's OK for now.

Since it's been a few days, please post for me a fresh HJT log and let's see where we're at....

Run HJT, choose do a system scan and save a logfile and then copy/paste the results here.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Andy annd Navigator

Unread postby Dave7312 » November 17th, 2006, 12:54 pm

I highlighted HJT.exe and scanned with AVgg anti spyware and received the report
'nothing found'
I aAVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:51:58 17/11/2006

+ Scan result:



Nothing found.


::Report end
ppend the report
Dave7312
Regular Member
 
Posts: 25
Joined: November 9th, 2006, 6:46 am

Re: Andy annd Navigator

Unread postby Navigator » November 17th, 2006, 1:05 pm

Dave7312 wrote:I highlighted HJT.exe and scanned with AVgg anti spyware and received the report
'nothing found'
I aAVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:51:58 17/11/2006

+ Scan result:



Nothing found.


::Report end
ppend the report


I don't want you to scan the HJT program itself....I want you to run HJT and get a HJT scan/logfile like you've done previously....

It should look like this earlier one you produced:

Logfile of HijackThis v1.99.1
Scan saved at 10:05:45, on 14/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\{24B2DDA8-0AE9-1033-0823-04040512002c}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\My Documents\Hijackthis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {364EDF5F-4321-65AE-8768-0A5EFEB5608D} - C:\WINDOWS\system32\rfwjyfl.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {EEA80C9B-C91B-4AB0-9B94-E3A6559C93AD} - C:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\qjqvuaem.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [rszhlli.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rszhlli.dll,mcqthgc
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: PhotoCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\PhotoCAL\PhotoCAL.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/f2ee12d ... f_2065.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/ ... 2D2D2D.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8936829924
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://davidrobinson5.bulldoghome.com/p ... Upload.ocx
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templat ... rol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9C9A73D-42DE-4DEA-A2C4-39FE60A4B6BB}: NameServer = 83.146.21.6 212.158.248.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\SYSTEM32\winjvd32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I just want a 'new' one now since we did some cleaning to see what it now contains.

Does this make sense?

Go to this file on your computer: C:\Documents and Settings\Owner\My Documents\Hijackthis\HJT.exe, double-click the file and the HJT program will 'run'. Then choose do a system scan and save a logfile. Copy/paste that logfile in this thread.

You've done this before....
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Andy and Navigator

Unread postby Dave7312 » November 17th, 2006, 6:41 pm

Sorry about that
Here is the scan
Logfile of HijackThis v1.99.1
Scan saved at 22:39:51, on 17/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Hijackthis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8936829924
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://davidrobinson5.bulldoghome.com/p ... Upload.ocx
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templat ... rol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9C9A73D-42DE-4DEA-A2C4-39FE60A4B6BB}: NameServer = 83.146.21.6 212.158.248.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Dave7312
Regular Member
 
Posts: 25
Joined: November 9th, 2006, 6:46 am

Unread postby Navigator » November 18th, 2006, 12:04 am

Hello dave....

That HJT log is largely 'clean'...let's make one small 'fix', update your Java (out of date Java versions can be security risks) and then do an online scan to see if it too is clean:

1. Please re-open HiJackThis and choose Do a system scan only. Check the boxes next to the left of all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


Now close all windows other than HiJackThis, then click Fix Checked.

2. Update Java and Remove old Java Versions
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.<== scroll down the list to find THIS entry
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Remove older Java Versions:
  • Close any programs you may have running - especially your web browser.
  • Go to Start >> Control Panel double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
Install latest Java Version:
  • From your desktop, double-click on jre-1_5_0_09-windows-i586-p to install the newest version.

3. Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Andy and Navigator

Unread postby Dave7312 » November 20th, 2006, 8:51 am

Incident Status Location

Adware:adware/azesearch Not disinfected C:\Documents and Settings\Owner\Favorites\pharmacy\Penis Enlargement.url
Spyware:spyware/iehelp Not disinfected c:\windows\downloaded program files\ipreg32.inf
Adware:adware/sbsoft Not disinfected c:\windows\downloaded program files\webdlg32.inf
Adware:adware/securityerror Not disinfected C:\Documents and Settings\Owner\Favorites\Antivirus Test Online.url
Adware:adware/ist.istbar Not disinfected C:\Documents and Settings\Owner\Start Menu\WEB-Search.url
Spyware:spyware/web3000 Not disinfected c:\windows\hh.ico
Adware:adware/ipbill Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/cramtoolbar Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ccbill[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Owner\Cookies\owner@targetnet[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\swsc.exe
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix\swsc.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip[SmitfraudFix/swsc.exe]
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Program Files\Common Files\DriveCleaner 2006\DC6cw.exe
Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Common Files\{24B2DDA8-0AE9-1033-0823-04040512002c}\Update.exe
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Program Files\DriveCleaner 2006\DC2006.exe
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Program Files\DriveCleaner 2006\DCShell.dll
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Program Files\DriveCleaner 2006\Support.exe
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\Program Files\DriveCleaner 2006\Updater.exe
Dialer:Dialer.HLO Not disinfected C:\WINDOWS\Downloaded Program Files\btwebcontrol.inf
Possible Virus. Not disinfected C:\WINDOWS\dtaplugin.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\enenqnjk.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe
Andy and Navigator
This is the scan from Panda
May I add that on booting the computer I receive a message headed System update.exe'Application failed to start because System.dll was not found
David
I am getting the hang of the reply ssystem and thankyou for your attention to these problems
David
Dave7312
Regular Member
 
Posts: 25
Joined: November 9th, 2006, 6:46 am

Re: Andy and Navigator

Unread postby Navigator » November 21st, 2006, 2:23 pm

Dave7312 wrote:May I add that on booting the computer I receive a message headed System update.exe'Application failed to start because System.dll was not found
David
I am getting the hang of the reply ssystem and thankyou for your attention to these problems
David


hello dave...sorry for the delay. I wasn't sure if Andy was going to come back yet...

I'm glad you are 'getting the hang' of it! Let's delete the stuff Panda found, and then run another tool to see what it finds and to see if it can help us solve the error message you are getting on reboot:

1. Please delete these folders using Windows Explorer (if present):
  • Click Start>>All Programs>>Accessories>>Windows Explorer
  • Navigate to the listed folders, then right-click to select them and click delete


C:\Program Files\DriveCleaner 2006
C:\Program Files\Common Files\DriveCleaner 2006


2. Please delete these files using Windows Explorer (if present):
  • Click Start>>All Programs>>Accessories>>Windows Explorer
  • Navigate to the listed files, then right-click to select them and click delete:


C:\Documents and Settings\Owner\Favorites\pharmacy\Penis Enlargement.url
c:\windows\downloaded program files\ipreg32.inf
c:\windows\downloaded program files\webdlg32.inf
C:\Documents and Settings\Owner\Favorites\Antivirus Test Online.url
C:\Documents and Settings\Owner\Start Menu\WEB-Search.url
c:\windows\hh.ico
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\{24B2DDA8-0AE9-1033-0823-04040512002c}\Update.exe
C:\WINDOWS\Downloaded Program Files\btwebcontrol.inf
C:\WINDOWS\dtaplugin.exe
C:\WINDOWS\system32\enenqnjk.exe


3. Download this file :
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

4. Post back as a reply with the
  • Combofix log
  • a new HJT log
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Andy and Navigator

Unread postby Dave7312 » November 22nd, 2006, 7:59 am

Dear Andy and Navigator I have followed your instructions so far as I could with the following exceptions
Program files\DriveCleaner 2006 message 'Access denied' but I deleted it directly by accessing the 'C' drive.
C\ \penis enlargement. There are other curious files there. Should I delete these as well?
C\\ipreg32 and webdlg32 not on the system even using 'search' facility
C\\Antivirus Test online.url. I could only find the shortcut this I deleted
C\\WEB-Search Only the shortcut found, this I deleted.
C\\Yazzle not on the system even using 'search' facility.
C\\Web control not on the system(as above)
3. The 'techsupportforum' file recognises the 'bleepingcomputer' file as being the same. I did not over-ride bleepingcomputer file.
Here are the logs
Owner - 06-11-22 10:59:22.00 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Inetget2
C:\Program Files\Ipwins
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{34B2DDA8-0AE9-1033-0823-04040512002c}


((((((((((((((((((((((((((((((( Files Created from 2006-10-22 to 2006-11-22 ))))))))))))))))))))))))))))))))))


2006-11-21 14:51 93,696 --a------ C:\WINDOWS\system32\Vtf.dll
2006-11-21 14:51 81,408 --a------ C:\WINDOWS\system32\Photocd.dll
2006-11-21 14:51 76,288 --a------ C:\WINDOWS\system32\Lwf.dll
2006-11-21 14:51 75,776 --a------ C:\WINDOWS\system32\Crw.dll
2006-11-21 14:51 72,704 --a------ C:\WINDOWS\system32\Jpg_transform.dll
2006-11-21 14:51 68,096 --a------ C:\WINDOWS\system32\FFactory.dll
2006-11-21 14:51 62,976 --a------ C:\WINDOWS\system32\Ics.dll
2006-11-21 14:51 619,008 --a------ C:\WINDOWS\system32\MrSID.dll
2006-11-21 14:51 61,440 --a------ C:\WINDOWS\system32\Exif.dll
2006-11-21 14:51 48,640 --a------ C:\WINDOWS\system32\Mrc.dll
2006-11-21 14:51 468,992 --a------ C:\WINDOWS\system32\DjVu.dll
2006-11-21 14:51 467,968 --a------ C:\WINDOWS\system32\JPM.dll
2006-11-21 14:51 46,592 --a------ C:\WINDOWS\system32\8BF_FILTERS.dll
2006-11-21 14:51 45,056 --a------ C:\WINDOWS\system32\Ra_player.dll
2006-11-21 14:51 442,368 --a------ C:\WINDOWS\system32\Fpx.dll
2006-11-21 14:51 424,960 --a------ C:\WINDOWS\system32\Flash4.dll
2006-11-21 14:51 41,984 --a------ C:\WINDOWS\system32\Quicktime.dll
2006-11-21 14:51 40,448 --a------ C:\WINDOWS\system32\Ecw.dll
2006-11-21 14:51 39,936 --a------ C:\WINDOWS\system32\Iptc.dll
2006-11-21 14:51 39,424 --a------ C:\WINDOWS\system32\SoundPlayer.dll
2006-11-21 14:51 39,424 --a------ C:\WINDOWS\system32\LogoManager.dll
2006-11-21 14:51 34,304 --a------ C:\WINDOWS\system32\Sff.dll
2006-11-21 14:51 34,304 --a------ C:\WINDOWS\system32\B3d.dll
2006-11-21 14:51 30,720 --a------ C:\WINDOWS\system32\Ftp.dll
2006-11-21 14:51 29,184 --a------ C:\WINDOWS\system32\EaFsh.dll
2006-11-21 14:51 26,624 --a------ C:\WINDOWS\system32\Pngout.dll
2006-11-21 14:51 238,592 --a------ C:\WINDOWS\system32\Ldf.dll
2006-11-21 14:51 225,280 --a------ C:\WINDOWS\system32\Dicom.dll
2006-11-21 14:51 220,160 --a------ C:\WINDOWS\system32\Mp3.dll
2006-11-21 14:51 201,216 --a------ C:\WINDOWS\system32\Postscript.dll
2006-11-21 14:51 178,688 --a------ C:\WINDOWS\system32\Awd.dll
2006-11-21 14:51 172,032 --a------ C:\WINDOWS\system32\Formats.dll
2006-11-21 14:51 166,400 --a------ C:\WINDOWS\system32\KDC120.dll
2006-11-21 14:51 151,552 --a------ C:\WINDOWS\system32\Med.dll
2006-11-21 14:51 151,552 --a------ C:\WINDOWS\system32\IV_Player.exe
2006-11-21 14:51 140,288 --a------ C:\WINDOWS\system32\Mng.dll
2006-11-21 14:51 138,240 --a------ C:\WINDOWS\system32\Flash.dll
2006-11-21 14:51 121,344 --a------ C:\WINDOWS\system32\Email.dll
2006-11-21 14:51 114,688 --a------ C:\WINDOWS\system32\JPEG2000.dll
2006-11-21 14:51 111,616 --a------ C:\WINDOWS\system32\FUNLTDIV.dll
2006-11-21 14:51 108,544 --a------ C:\WINDOWS\system32\ImPDF.dll
2006-11-21 14:51 106,496 --a------ C:\WINDOWS\system32\Nero.dll
2006-11-21 14:51 1,153,008 --a------ C:\WINDOWS\system32\CADImage.dll
2006-11-21 14:51 <DIR> d-a------ C:\WINDOWS\system32\Fmod
2006-11-21 14:51 <DIR> d-a------ C:\WINDOWS\system32\Filter Factory 8BF
2006-11-21 14:51 <DIR> d-a------ C:\WINDOWS\system32\Ecw
2006-11-21 14:51 <DIR> d-a------ C:\WINDOWS\system32\Crw
2006-11-21 14:51 <DIR> d-a------ C:\WINDOWS\system32\Adobe 8BF
2006-11-21 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-11-21 11:59 <DIR> d-------- C:\Program Files\Yahoo!
2006-11-20 11:24 <DIR> d-------- C:\Program Files\Java
2006-11-20 11:24 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-15 10:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-14 17:02 <DIR> d-------- C:\Program Files\AdSubtract
2006-11-13 10:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-13 10:14 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-13 10:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-13 10:14 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-11 16:13 5,794 --a------ C:\Program Files\crack.exe
2006-11-11 15:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PCTV4Me
2006-11-11 15:05 <DIR> d-------- C:\VundoFix Backups
2006-11-11 15:03 1,744 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-09 11:36 5,789 --a------ C:\crack.exe
2006-11-09 11:04 <DIR> d-------- C:\Jasc Paint Shop Pro 9.0 Trial - Bidjan
2006-11-09 11:03 <DIR> d-------- C:\Jasc PaintShop Pro 9.01- Bidjan
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 00:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SearchToolbarCorp
2006-11-02 19:05 110,612 --a------ C:\WINDOWS\system32\enenqnjk.exe
2006-11-02 18:14 <DIR> d-------- C:\Program Files\Ultimate Cleaner
2006-10-31 12:28 <DIR> d-------- C:\Program Files\efonica softphone
2006-10-28 08:03 <DIR> d-------- C:\Program Files\DriveCleaner 2006
2006-10-27 17:06 <DIR> d-------- C:\Program Files\Skype
2006-10-27 17:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Skype
2006-10-27 15:24 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-10-27 15:24 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-10-27 15:24 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-27 15:24 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-10-27 13:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MipKukSoft
2006-10-27 13:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Kybtec Software
2006-10-27 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MipKukSoft
2006-10-27 10:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Pixmantec
2006-10-27 09:52 <DIR> d-------- C:\Program Files\Pixmantec
2006-10-25 15:53 34,308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-24 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2006-10-24 17:00 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-22 10:59 -------- d-------- C:\Program Files\Common Files
2006-11-21 18:43 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-11-20 12:03 -------- d-------- C:\Program Files\Windows Media Player
2006-11-20 12:01 -------- d-------- C:\Program Files\Outlook Express
2006-11-20 12:00 -------- d-------- C:\Program Files\Messenger
2006-11-20 11:57 -------- d-------- C:\Program Files\Internet Explorer
2006-11-20 11:57 -------- d-------- C:\Program Files\Google
2006-11-20 11:54 -------- d-------- C:\Program Files\Common Files\System
2006-11-15 17:21 -------- d-------- C:\Program Files\Common Files\Nikon
2006-11-15 10:08 -------- d-------- C:\Documents and Settings\Owner\Application Data\eBookPro6
2006-11-13 12:23 -------- d-------- C:\Program Files\Nikon
2006-11-09 12:25 -------- d-------- C:\Program Files\PANTONE COLORVISION
2006-11-02 17:37 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-01 11:14 -------- d-------- C:\Program Files\Avery Wizard 2.5
2006-10-27 18:27 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-10-27 18:03 -------- d-------- C:\Program Files\Horses
2006-10-27 09:01 -------- d-------- C:\Program Files\Adobe
2006-10-24 20:36 -------- d-------- C:\Program Files\PrintFIX ColorCharts
2006-10-24 17:23 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-18 10:10 -------- d-------- C:\Program Files\Free RAW Viewer
2006-10-17 15:28 -------- d-------- C:\Program Files\vtplus
2006-10-17 15:28 -------- d-------- C:\Program Files\SSC Service Utility
2006-10-17 15:28 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-10-17 15:18 -------- d-------- C:\Documents and Settings\Owner\Application Data\DriveCleaner 2006
2006-10-17 12:20 -------- d-------- C:\Program Files\Canon
2006-10-15 16:10 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-14 09:58 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-07 19:32 14304158 --a------ C:\PrintFIX_1.2_Setup.exe
2006-10-03 22:57 1055 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2006-10-03 19:09 -------- d-------- C:\Program Files\QuickTime
2006-10-03 09:02 -------- d-------- C:\Program Files\Picasa2
2006-10-03 09:02 -------- d-------- C:\Program Files\Common Files\muvee Technologies
2006-09-29 09:36 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-28 11:36 -------- d-------- C:\Documents and Settings\Owner\Application Data\VMware
2006-09-28 09:35 13714856 --a------ C:\zlsSetup_65_737_000_en.exe
2006-09-27 06:26 -------- d-------- C:\Program Files\Registry Helper
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-10 21:56 78122753 --a------ C:\ColorPlus_1.1_Setup.exe
2006-09-10 12:10 6048544 --a------ C:\dap81.exe
2006-09-06 03:34 950272 --a------ C:\Facade.dll
2006-09-03 08:53 268 -r-h----- C:\Documents and Settings\Owner\Application Data\People
2006-09-03 08:39 10895532 --a------ C:\cnx101_en.exe
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Registry Helper"="\"C:\\Program Files\\Registry Helper\\RegistryHelper.Exe\" /boot"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Documents and Settings\\Owner\\Desktop\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~3\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AdSubtract.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AdSubtract.lnk"
"backup"="C:\\WINDOWS\\pss\\AdSubtract.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ADSUBT~1\\adsub.exe "
"item"="AdSubtract"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AutoStart IR.lnk"
"backup"="C:\\WINDOWS\\pss\\AutoStart IR.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinTV\\Ir.exe /QUIET"
"item"="AutoStart IR"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON SMART PANEL for Scanner.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\EPSON SMART PANEL for Scanner.lnk"
"backup"="C:\\WINDOWS\\pss\\EPSON SMART PANEL for Scanner.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\EPSON\\EPSONS~2\\espmain.exe /h"
"item"="EPSON SMART PANEL for Scanner"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak software updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak software updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "
"item"="Kodak software updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NkvMon.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\NkvMon.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\NkView6\\NkvMon.exe "
"item"="NkvMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PhotoCAL Startup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PhotoCAL Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\PhotoCAL Startup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PANTON~1\\PhotoCAL\\PhotoCAL.exe /auto"
"item"="PhotoCAL Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SpySubtract.lnk"
"backup"="C:\\WINDOWS\\pss\\SpySubtract.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\interMute\\SpySubtract\\SpySub.exe -autostart"
"item"="SpySubtract"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Admilli Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdmilliServ"
"hkey"="HKLM"
"command"="C:\\Program Files\\Admilli Service\\AdmilliServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bargains"
"hkey"="HKLM"
"command"="C:\\Program Files\\BullsEye Network\\bin\\bargains.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6cw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DC6cw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006\\DC6cw.exe\" -c"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskAd Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DeskAdServ"
"hkey"="HKLM"
"command"="C:\\Program Files\\DeskAd Service\\DeskAdServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tfswctrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DC2006"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DriveCleaner 2006\\DC2006.exe\" /min"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCLETray"
"hkey"="HKCU"
"command"="C:\\Program Files\\Pinnacle\\Shared Files\\InstantCDDVD\\PCLETray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iwctrl"
"hkey"="HKCU"
"command"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe /dropdisc"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\loader32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys01824"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\Owner\\Application Data\\SysDown\\sys01824.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NetWaiting"
"hkey"="HKCU"
"command"="C:\\Program Files\\NetWaiting\\NetWaiting.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RxMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rszhlli.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rszhlli"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\rszhlli.dll,mcqthgc"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UIUCU"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\UIUCU.EXE -CLEAN_UP -S"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinStat"
"hkey"="HKLM"
"command"="C:\\Program Files\\Windows AdStatus\\WinStat.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ybrwicon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-22 11:00:19.43
C:\ComboFix.txt ... 06-11-22 11:00
(end)

Logfile of HijackThis v1.99.1
Scan saved at 11:28:48, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Hijackthis\HJT.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8936829924
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://davidrobinson5.bulldoghome.com/p ... Upload.ocx
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templat ... rol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9C9A73D-42DE-4DEA-A2C4-39FE60A4B6BB}: NameServer = 83.146.21.6 212.158.248.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

The error message previously reported of 'System exe' not loading has not reappeared.
However the spurious toolbar in 'Internet Explorer' is still there. When I open 'IE' the toolbar has pushed Google to one side and contains the words 'about:blank' This I feel should be got rid of.
David
Dave7312
Regular Member
 
Posts: 25
Joined: November 9th, 2006, 6:46 am

Re: Andy and Navigator

Unread postby Navigator » November 23rd, 2006, 1:16 pm

Dave7312 wrote:The error message previously reported of 'System exe' not loading has not reappeared.
However the spurious toolbar in 'Internet Explorer' is still there. When I open 'IE' the toolbar has pushed Google to one side and contains the words 'about:blank' This I feel should be got rid of.
David


Hello Dave...sorry for the delay, I had to work all day yesterday...

Great! Let's see if we can get rid of the spurious toolbar and clean your system some more:

Wow...you had a bunch of crapware on your system! I am always amazed at what ComboFix shows....we're going to remove a bunch of stuff from your registry, then I will have you do some file/folder deletions (some may already be gone) and then we'll clean out the temp files and do another online scan.

1. Before we make changes to your registry, we need to make a registry back up:

To back up the registry, open the registry editor: click start button on the task bar then click run. In the open box type regedit then click OK.

Once you have the registry editor open, click My Computer to ensure the entire registry is backed up, then click on the File tab and select Export to export the Registry File. Save the registry backup to a location on your computer of your choosing other than the desktop (I would suggest C:\), and make note of the location of the file..

Once the file is saved (your hard drive light should be off, not flickering) close the registry editor and check that back up is there at the location you saved it to. Do not proceed with the registry edit below if the file is not present and complete.

If you make a fatal error you can simply double click on the backup.reg you just created to restore the registry to the state it was in before you began. Remember not to double click on backup.reg after you finish editing correctly, or you will reinfect your registry.

2. Next, please do this:
  • Copy the contents of the Quote Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Admilli Service]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6cw]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskAd Service]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rszhlli.dll]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus]


Make sure there are NO blank lines before REGEDIT4

Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear the registry entries left behind by the malware.

3. Please delete these folders using Windows Explorer(if present):
  • Click Start>>All Programs>>Accessories>>Windows Explorer
  • Navigate to the listed folders, then right-click to select them and click delete


C:\Program Files\Ultimate Cleaner
C:\Program Files\DriveCleaner 2006
C:\Program Files\BullsEye Network
C:\Program Files\Admilli Service
C:\Documents and Settings\Owner\Application Data\DriveCleaner 2006
C:\Program Files\Common Files\\DriveCleaner 2006
C:\Program Files\DeskAd Service
C:\Program Files\Internet Optimizer
C:\Program Files\Windows AdStatus
C:\Documents and Settings\Owner\Application Data\SearchToolbarCorp


4. Please delete these files using Windows Explorer(if present):
  • Click Start>>All Programs>>Accessories>>Windows Explorer
  • Navigate to the listed files, then right-click to select them and click delete:


C:\Program Files\crack.exe
C:\WINDOWS\system32\rszhlli.dll
C:\crack.exe
C:\WINDOWS\system32\enenqnjk.exe


5. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

6. Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

7. Post back with:
  • the F-Secure scan results
  • a new HJT log
  • let me know what problems you are having with your computer (if any)
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: Vanilla-krypton and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware