comp keeps freezing and rebooting


Post by managerme » April 26th, 2007, 5:36 am

My computer keeps either freezing up completely, so I have to push the button to restart it, or rebooting itself. I did a Panda online scan; here are the results, and also a HijackThis scan.

Incident Status Location

Adware:adware/secure32 Not disinfected c:\windows\country.exe
Adware:adware/superspider Not disinfected c:\windows\seksdialer.exe
Adware:adware/cws.searchmeup Not disinfected c:\windows\toolbar.exe
Adware:adware/webattaker Not disinfected c:\windows\uniq
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

Logfile of HijackThis v1.99.1
Scan saved at 10:31:02, on 26/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\5020\SiteAdv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\SiteAdvisor\5020\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\tricia pettit\My Documents\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\5020\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\5020\SiteAdv.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\5020\SiteAdv.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O15 - Trusted Zone: http://www.artistrypsp.com
O15 - Trusted Zone: http://www.boots.co.uk
O15 - Trusted Zone: http://pub23.bravenet.com
O15 - Trusted Zone: http://*.buddinghtmlgurus.com
O15 - Trusted Zone: http://www.game.co.uk
O15 - Trusted Zone: http://www.geocities.com
O15 - Trusted Zone: http://www.meshplc.co.uk
O15 - Trusted Zone: http://www.msgplus.net
O15 - Trusted Zone: http://spaces.msn.com
O15 - Trusted Zone: http://www.wiseowls-studies.net
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-8.0.0.30/o ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.8.4.51/a ... -en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-8.0.0.30/s ... -en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.8.4.39/b ... -en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.8.4.51/b ... -en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-8.0.0.30/v ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/c ... -en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.61/c ... -en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.4.34/c ... -en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.9.1.38/c ... -en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-8.0.1.23/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-8.0.1.23/c ... -en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-8.0.0.30/v ... -en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-8.0.0.30/e ... -en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.41/f ... -en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.29/s ... -en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.3.39/h ... -en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.1.38/h ... -en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.9.4.34/d ... -en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.9.3.49/p ... -en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.0.30/f ... -en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.9.1.38/j ... -en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-8.0.0.30/v ... -en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-8.0.0.20/m ... -en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.0.20/l ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.9.4.41/m ... -en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.1.23/s ... -en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.8.4.51/m ... -en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-8.0.0.30/p ... -en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.0.43/f ... -en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.34/f ... -en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.0.43/w ... -en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-8.0.0.30/f ... -en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.0.30/p ... -en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.9.3.49/p ... -en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.0.61/p ... -en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.1.23/p ... -en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/s ... -en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-8.0.0.30/s ... -en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-8.0.0.30/s ... -en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-8.0.0.30/s ... -en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.9.4.41/p ... -en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.34/s ... -en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.9.4.34/s ... -en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/s ... -en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.9.3.39/s ... -en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-8.0.0.20/s ... -en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-8.0.0.20/h ... -en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.8.4.51/p ... -en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.0.20/t ... -en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.1.23/t ... -en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/applet-8.0.0.20/m ... -en_US.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-8.0.0.30/v ... -en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.34/b ... -en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.3.29/w ... -en_US.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://game1.pogo.com/cdl/launcher/Pogo ... taller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPU ... 10,0,911,0
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.co.uk/SnapfishUKUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pogo.com/online2/pogop ... 0.0.80.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\5020\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\5020\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for any help.
managerme
Regular Member
 
Posts: 15
Joined: April 26th, 2007, 4:51 am

Post by chryssi2001 » April 29th, 2007, 4:32 am

Hello managerme, and welcome to Malware Removal Forums.
I will be assisting you with your malware issues.
Please be patient as I need some time to review your HijackThis log, and I will post back recommendations for repairs.

As I am still a trainee, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it as a reference.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Post by chryssi2001 » May 1st, 2007, 12:18 pm

Hello managerme,

LIST OF PROGRAMS USING HIJACKTHIS


  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.

You will see a list of the programs installed on your computer.
Click on the Save list button and specify where you would like to save this file.
When you press the Save button, a Notepad window will open with the contents of that file.
Simply copy and paste the contents of that Notepad window into a reply in this topic.
------------------------------------
Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
------------------------------------
Note: If you do have SmitfraudFix from a previous use, please update using option 4 and then run it.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Post by managerme » May 1st, 2007, 1:37 pm

Thanks for your help.

SmitFraudFix v2.171

Scan done at 18:35:14.32, 01/05/2007
Run from C:\Documents and Settings\tricia pettit\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\5020\SiteAdv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SiteAdvisor\5020\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\country.exe FOUND !
C:\WINDOWS\toolbar.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tricia pettit


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tricia pettit\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TRICIA~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{958E9DA6-6D0B-4F03-A243-0C73AC1680D8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{958E9DA6-6D0B-4F03-A243-0C73AC1680D8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{958E9DA6-6D0B-4F03-A243-0C73AC1680D8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

20/20 v2.2
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Xenofex 2.0
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
ATI Control Panel
ATI Display Driver
Avanquest update
AVG Anti-Spyware 7.5
AVG Free Edition
Battlefield 2(TM)
broadband medic
BroadJump Client Foundation
Call of Duty
Call of Duty - United Offensive
Call of Duty(R) 2
CCleaner (remove only)
Corel Paint Shop Pro X
Cruise Ship Tycoon
CSE HTML Validator Lite v3.50
Deep Paint
Eye Candy 3
Eye Candy 4000 Demo
Filters Unlimited 1.0
Filters Unlimited 2.0
FinePixViewer Ver.4.3
FUJIFILM USB Driver
GTAIII
Harry's Filters 3
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HTML-Kit
HyperTyle 1.02
InterVideo WinDVD 4
Jasc Paint Shop Pro 8
Jasc Paint Shop Pro 9
Jasc Virtual Painter 4
Java 2 Runtime Environment, SE v1.4.1_01
Java Web Start
LimeWire 4.9.33
Macromedia Shockwave Player
McAfee SiteAdvisor
Messenger Plus! 3
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AutoRoute v11.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Photo Standard 9
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Motorola Phone Tools
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
Network Play System (Patching)
NVIDIA Drivers
NVIDIA nForce Drivers
Paint Shop Pro 7
Panda ActiveScan
Path Copy Utility Uninstall
Picasa 2
Pinnacle InstantCD/DVD Suite
PSP Thumbnail Handler
QuickTime
Scrapbook Flair
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Serif DrawPlus 4.0
Serif PhotoPlus 7.0
Shockwave
SimCity 4
Skype 1.3
SmartFTP
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
SoftK56 Data Fax Voice Speakerphone CARP
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
TeamSpeak 2 RC2
The Font Thing
The Sims 2
The Sims 2 Body Shop
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 HomeCrafter Plus
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims Livin' it up
The Sims Makin' Magic
The Sims™ 2 Celebration! Stuff
The Sims™ 2 Seasons
Theme Hospital
Theme Park World
ubi.com
Ulead ArtTexture.Plugin 1.0
Ulead COOL 360 1.0
Ulead DVD PictureShow 2 SE Basic
Ulead Photo Explorer 8.0 SE Basic
Ulead Photo Express 4.0 SE
Ulead PhotoImpact 11
Ulead PhotoImpact 8 ESD
Uninstall DreamSuite
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
VGA USB Camera
ViviCam 3740
Vivicam 3740(Documents)
Vizros Plug-ins 4.1
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Xenofex 1.0
Xfire (remove only)
ZoneAlarm
Zoo Tycoon 2 - Marine Mania
managerme
Regular Member
 
Posts: 15
Joined: April 26th, 2007, 4:51 am
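A way to cross-check the three scanner outputs quoted in this thread (the Panda incident list in the first post, the HijackThis O4/O15/O23 lines from the same post, and the SmitfraudFix option 1 report above) is to parse them and correlate by path. This is an added example, not part of the original thread and not code from any of those tools. The sample logs are constructed from the posted excerpts; the expansion of %systemroot% to C:\WINDOWS and the treatment of Process.exe as the same helper the previous reply's note describes as a "RiskTool" are assumptions.

```python
"""Cross-check Panda ActiveScan incident lines, HijackThis O4/O15/O23
lines and a SmitfraudFix 'FOUND !' report.  Added example; the sample
logs below are constructed from the excerpts posted in this thread."""
import re

# --- constructed samples, modelled on the posted logs ----------------------
PANDA_LOG = r"""
Adware:adware/secure32 Not disinfected c:\windows\country.exe
Adware:adware/superspider Not disinfected c:\windows\seksdialer.exe
Adware:adware/cws.searchmeup Not disinfected c:\windows\toolbar.exe
Adware:adware/webattaker Not disinfected c:\windows\uniq
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
"""

HJT_LOG = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O15 - Trusted Zone: http://*.buddinghtmlgurus.com
O15 - Trusted Zone: http://www.geocities.com
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

SMITFRAUD_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\country.exe FOUND !
C:\WINDOWS\toolbar.exe FOUND !
"""

PANDA_RE = re.compile(r"^(?P<kind>[^:]+):(?P<name>\S+)\s+(?P<status>Disinfected|Not disinfected)\s+(?P<path>.+)$")
FOUND_RE = re.compile(r"^(?P<path>.+?)\s+FOUND !$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def norm(path):
    """Windows paths are case-insensitive; drop quotes and fold case."""
    return path.strip().strip('"').lower()


def parse_panda(text):
    """Map normalised path -> (category, detection name, status)."""
    hits = {}
    for line in text.splitlines():
        m = PANDA_RE.match(line.strip())
        if m:
            hits[norm(m["path"])] = (m["kind"], m["name"], m["status"])
    return hits


def parse_smitfraud_found(text):
    """Set of normalised paths that SmitfraudFix option 1 reported as FOUND."""
    found = set()
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            found.add(norm(m["path"]))
    return found


def exe_of(cmd):
    """First token of a Run-key command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def triage_hjt(text):
    """Flag HijackThis lines worth checking by hand: Run entries with no
    directory (resolved through the search path, so the real file could be
    anywhere), Run entries launched from the Windows directory itself,
    Trusted Zone sites, and services with no recorded owner."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            # Assumption: %systemroot% expands to C:\WINDOWS, as in the posted log.
            exe = norm(exe_of(m["cmd"])).replace("%systemroot%", r"c:\windows")
            if "\\" not in exe:
                findings.append(("unqualified-run", m["name"], exe))
            elif exe.rsplit("\\", 1)[0] == r"c:\windows":
                findings.append(("windows-root-run", m["name"], exe))
        elif line.startswith("O15 - Trusted Zone: "):
            findings.append(("trusted-zone", None, line.split(": ", 1)[1]))
        elif line.startswith("O23 - Service: ") and "Unknown owner" in line:
            findings.append(("unknown-owner-service", None, norm(line.rsplit(" - ", 1)[1])))
    return findings


def correlate(panda, smit_found, hjt_text):
    """For each Panda hit: did SmitfraudFix confirm it, does any HijackThis
    line reference the path, and is it process.exe (assumption: the helper
    the thread's note calls a RiskTool rather than an infection)."""
    hjt = hjt_text.lower()
    return {
        path: {
            "panda": name,
            "smitfraudfix": path in smit_found,
            "in_hijackthis": path in hjt,
            "known_tool": path.endswith(r"\process.exe"),
        }
        for path, (_kind, name, _status) in panda.items()
    }


if __name__ == "__main__":
    panda = parse_panda(PANDA_LOG)
    found = parse_smitfraud_found(SMITFRAUD_REPORT)
    for path, row in sorted(correlate(panda, found, HJT_LOG).items()):
        print(f"{path:40} {row}")
    for kind, name, what in triage_hjt(HJT_LOG):
        print(f"{kind:22} {name or '-':20} {what}")
```

Run with python3 on the constructed sample: the two SmitfraudFix hits match the Panda list, three Panda hits (seksdialer.exe, uniq and Process.exe) are not confirmed by SmitfraudFix, and none of the flagged paths appears on any HijackThis line, so ticking entries in HijackThis alone would not remove them. The unqualified carpserv.exe and sstray.exe Run entries and the two Trusted Zone sites are listed for manual verification, not as detections.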

Post by chryssi2001 » May 2nd, 2007, 9:44 am

Hi managerme,

Please download ATF cleaner
This program is for XP and Windows 2000 only
Don't run it now.
------------------------------------
I see you have AVG Anti-Spyware installed.
Please skip the download part, update the program and be sure the settings are as below:

Please download AVG anti-spyware to your Desktop or to your usual Download Folder, from HERE
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Don't run a scan yet.
------------------------------------
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
------------------------------------
Double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.
------------------------------------
ATF-Cleaner

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
------------------------------------
AVG Anti-Spyware-2nd Part
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

------------------------------------
Post C:\rapport.txt.
Please also post a new HijackThis log.
Is your computer running better now?
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Unread postby managerme » May 3rd, 2007, 4:28 pm

Thanks for your help.

SmitFraudFix v2.174

Scan done at 9:52:35.95, 03/05/2007
Run from C:\Documents and Settings\tricia pettit\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\country.exe Deleted
C:\WINDOWS\toolbar.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{958E9DA6-6D0B-4F03-A243-0C73AC1680D8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{958E9DA6-6D0B-4F03-A243-0C73AC1680D8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{958E9DA6-6D0B-4F03-A243-0C73AC1680D8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Logfile of HijackThis v1.99.1
Scan saved at 21:21:46, on 03/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\5020\SiteAdv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SiteAdvisor\5020\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\tricia pettit\My Documents\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\5020\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\5020\SiteAdv.dll
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\5020\SiteAdv.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O15 - Trusted Zone: http://www.artistrypsp.com
O15 - Trusted Zone: http://www.boots.co.uk
O15 - Trusted Zone: http://pub23.bravenet.com
O15 - Trusted Zone: http://*.buddinghtmlgurus.com
O15 - Trusted Zone: http://www.game.co.uk
O15 - Trusted Zone: http://www.geocities.com
O15 - Trusted Zone: http://www.meshplc.co.uk
O15 - Trusted Zone: http://www.msgplus.net
O15 - Trusted Zone: http://spaces.msn.com
O15 - Trusted Zone: http://www.wiseowls-studies.net
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-8.0.1.23/o ... -en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.8.4.51/a ... -en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-8.0.0.30/s ... -en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.8.4.39/b ... -en_US.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game1.pogo.com/applet-8.0.1.23/r ... -en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.8.4.51/b ... -en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-8.0.0.30/v ... -en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/c ... -en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.61/c ... -en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.4.34/c ... -en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.9.1.38/c ... -en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-8.0.1.23/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-8.0.1.23/c ... -en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-8.0.0.30/v ... -en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-8.0.0.30/e ... -en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.41/f ... -en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.29/s ... -en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.3.39/h ... -en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.1.38/h ... -en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-8.0.1.23/d ... -en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.9.3.49/p ... -en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.1.23/f ... -en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.9.1.38/j ... -en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-8.0.0.30/v ... -en_US.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-8.0.1.23/k ... -en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-8.0.0.20/m ... -en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.0.20/l ... -en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.9.4.41/m ... -en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.1.23/s ... -en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.8.4.51/m ... -en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-8.0.0.30/p ... -en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.0.43/f ... -en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.34/f ... -en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.0.43/w ... -en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-8.0.0.30/f ... -en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.0.30/p ... -en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.9.3.49/p ... -en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.0.61/p ... -en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.1.23/p ... -en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-8.0.1.23/s ... -en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-8.0.0.30/s ... -en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-8.0.0.30/s ... -en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-8.0.0.30/s ... -en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.9.4.41/p ... -en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.9.4.34/s ... -en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.9.4.34/s ... -en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/s ... -en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.9.3.39/s ... -en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-8.0.1.23/s ... -en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-8.0.1.23/h ... -en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-8.0.1.32/s ... -en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.8.4.51/p ... -en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.0.20/t ... -en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.1.23/t ... -en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.com/applet-8.0.0.20/m ... -en_US.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-8.0.0.30/v ... -en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.1.32/m ... -en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.9.4.34/b ... -en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.1.23/w ... -en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.1.23/w ... -en_US.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://game1.pogo.com/cdl/launcher/Pogo ... taller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPU ... 10,0,911,0
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.co.uk/SnapfishUKUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://clubgames.pogo.com/online2/pogop ... 0.0.80.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\5020\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\5020\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


AVG didn't find anything. The computer seems to be OK at the moment, fingers crossed, but I will post in a couple of days when I have tested it out more. Thanks again for your time and help. I am using ZoneAlarm as my firewall; is the Windows one better? I really don't know how I end up with these problems, as I thought I was well protected. And should I be worried about the other things the Panda scan found that nothing else has?
thanks
managerme
Regular Member
 
Posts: 15
Joined: April 26th, 2007, 4:51 am

Unread postby chryssi2001 » May 4th, 2007, 8:50 am

Hi managerme,

I am glad your computer is working properly now.

Windows firewall is not recommended. It doesn't block everything that may try to get in, it doesn't block anything at all outbound, and the entire firewall is written to the registry.
Since most malware accesses the registry, it can disable the Windows firewall.

ZoneAlarm is one of the firewalls we suggest.
----------------------------
Let's tidy up a little bit.

Now go to Start > Settings > Control Panel and click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

    Java 2 Runtime Environment

If it's not there try this:

  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on Java 2 Runtime Environment, SE v1.4.1_01 and then click on the Delete this entry button.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older-version Java components and update.

Updating Java:
  • Download the latest version of Java(TM) SE Runtime Environment 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

----------------------------
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O15 - Trusted Zone: http://www.artistrypsp.com
O15 - Trusted Zone: http://www.boots.co.uk
O15 - Trusted Zone: http://pub23.bravenet.com
O15 - Trusted Zone: http://*.buddinghtmlgurus.com
O15 - Trusted Zone: http://www.game.co.uk
O15 - Trusted Zone: http://www.geocities.com
O15 - Trusted Zone: http://www.meshplc.co.uk
O15 - Trusted Zone: http://www.msgplus.net
O15 - Trusted Zone: http://spaces.msn.com
O15 - Trusted Zone: http://www.wiseowls-studies.net


If you didn't set these restrictions, or add those domains to your trusted zone sites,
please run HijackThis again, and fix all above lines.
You have a lot of O16 lines (pogo games). You can safely remove whichever you don't use anymore.
----------------------------
How to view Hidden files/folders.
http://www.bleepingcomputer.com/tutorials/tutorial62.html
Don't forget to hide files/folders when this is finished.

Search and find the files/folders in red below and delete them:
Don't worry about files/folders not found.

FOLDER
c:\windows\uniq

FILE
c:\windows\seksdialer.exe
----------------------------
Please also remove smitfraud tool as you won't need it anymore.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
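
As an added example (not part of this thread, and not HijackThis's own code), a small Python triage script that reads log lines in the format posted above and pulls out what the helper asked the user to review: whether an O6 restriction line is present, which hosts sit in the Trusted Zone (O15, with wildcard entries flagged), how many O16 download entries come from each site, and which entries point at files that no longer exist. The sample lines are constructed from the log in this thread; the section meanings are the standard HijackThis ones.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the format of the HijackThis v1.99.1 log posted in
# this thread (download URLs shortened the way the forum displayed them).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: http://www.geocities.com
O15 - Trusted Zone: http://*.buddinghtmlgurus.com
O15 - Trusted Zone: http://spaces.msn.com
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.1.38/h ... -en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/s ... -en_US.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Every HijackThis finding starts with a section tag (R0/R1, F1, N1, O2..O23)
# followed by " - " and the detail text; header and process list do not match.
HJT_LINE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")


@dataclass
class Entry:
    section: str
    detail: str


def parse_log(text):
    """Return the findings in a HijackThis log as (section, detail) entries."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def trusted_zone_hosts(entries):
    """Hosts in IE's Trusted sites zone (O15 lines), in log order."""
    hosts = []
    for e in entries:
        if e.section == "O15" and e.detail.startswith("Trusted Zone:"):
            url = e.detail.split(":", 1)[1].strip()
            hosts.append(re.sub(r"^[a-z]+://", "", url).split("/")[0])
    return hosts


def dpf_by_source(entries):
    """Count O16 (Download Program Files / ActiveX) entries per download host."""
    counts = Counter()
    for e in entries:
        if e.section == "O16":
            m = re.search(r"https?://([^/\s]+)", e.detail)
            if m:
                counts[m.group(1)] += 1
    return dict(counts)


def triage(text):
    """Summarise the items the helper in this thread asked the user to review."""
    entries = parse_log(text)
    hosts = trusted_zone_hosts(entries)
    return {
        # O6: IE options restricted by policy; unexpected on a home machine
        "restrictions_present": any(e.section == "O6" for e in entries),
        "trusted_hosts": hosts,
        # A wildcard trusts every subdomain, so it deserves a second look
        "wildcard_trusted_hosts": [h for h in hosts if h.startswith("*.")],
        "dpf_by_source": dpf_by_source(entries),
        # Entries whose target file no longer exists are safe to fix
        "dangling": [e.detail for e in entries if "(file missing)" in e.detail],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved hijackthis.log by passing the file's contents to triage(); the script only reads and reports, it changes nothing.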

Unread postby managerme » May 4th, 2007, 5:07 pm

Thank you so much for your help; all is still fine, no freezes or rebooting.
I have updated my Java, got rid of the file and folder, and cleared out some of the pogo entries etc.
Thank you again for using your time to help me.
managerme
Regular Member
 
Posts: 15
Joined: April 26th, 2007, 4:51 am

Unread postby chryssi2001 » May 5th, 2007, 10:32 am

This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :-

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    a. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re-enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    Re-enable system restore with instructions from the tutorial above.

    b. Make your Internet Explorer more secure - This can be done by following these simple instructions:

      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.

        a. Change the Download signed ActiveX controls to Prompt
        b. Change the Download unsigned ActiveX controls to Disable
        c. Change the Initialise and script ActiveX controls not marked as safe to Disable
        d. Change the Installation of desktop items to Prompt
        e. Change the Launching programs and files in an IFRAME to Prompt
        f. Change the Navigate sub-frames across different domains to Prompt
        g. When all these settings have been made, click on the OK button.
        h. If it prompts you as to whether or not you want to save the settings, press the Yes button.

      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    c. Use an Anti Virus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online and stand-alone anti-virus programs:
    Computer Safety On line - Anti-Virus

    d. Update your Anti Virus Software - It is imperative that you update your anti-virus software at least once a week (even more if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that may come out.

    e. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls

    f. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    g. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with anti-virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware

    h. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware

    i. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware

    j. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
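
As an added example (not from this thread, and not Microsoft's own tooling), a Python audit that checks the six Custom Level settings from step b against the DWORD values Internet Explorer stores for the Internet zone under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3. The action IDs are the ones Microsoft documents for that key, the target values are the ones the post gives, and the sample zone contents are constructed; on a non-Windows machine the script audits the sample instead of the registry.

```python
import sys

# Value meanings shared by all IE zone actions: 0 = Enable, 1 = Prompt, 3 = Disable.
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Registry key holding the Internet zone (zone 3) for the current user.
ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Action IDs (Microsoft's documented IDs for the Zones registry layout) for the
# Custom Level items the post lists, paired with the value the post recommends.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def audit(current):
    """List the actions whose current value is more permissive than recommended.

    `current` maps action ID -> DWORD value. A lower value is more permissive
    (Enable < Prompt < Disable), so anything below the target is a finding;
    a missing value is reported too, because IE then falls back to a default
    that this check cannot see.
    """
    findings = []
    for action, (name, want) in RECOMMENDED.items():
        have = current.get(action)
        if have is None or have < want:
            findings.append({
                "action": action,
                "setting": name,
                "current": LABEL.get(have, "missing"),
                "recommended": LABEL[want],
            })
    return findings


def hardened(current):
    """Return a copy of `current` with every listed action at the recommended value."""
    fixed = dict(current)
    for action, (_, want) in RECOMMENDED.items():
        fixed[action] = want
    return fixed


def read_zone3_from_registry():
    """Read the listed actions from HKCU (Windows only; returns None elsewhere).

    Caveat: if Security_HKLM_only is set under Internet Settings, IE uses the
    HKLM copy of the zone instead, and this per-user read is not authoritative.
    """
    if sys.platform != "win32":
        return None
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
        for action in RECOMMENDED:
            try:
                values[action], _ = winreg.QueryValueEx(key, action)
            except FileNotFoundError:
                pass  # value absent: audit() reports it as missing
    return values


# Constructed sample of a weakened Internet zone (not taken from any real machine).
WEAK_SAMPLE = {"1001": ENABLE, "1004": ENABLE, "1201": PROMPT,
               "1800": PROMPT, "1804": ENABLE, "1607": ENABLE}


if __name__ == "__main__":
    current = read_zone3_from_registry()
    if current is None:
        current = WEAK_SAMPLE
    for f in audit(current):
        print(f"{f['action']} {f['setting']}: {f['current']} -> set to {f['recommended']}")
```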

Unread postby managerme » May 7th, 2007, 2:53 pm

Oh well, I spoke too soon. After a few days with no problems, 4 times today the comp has either frozen or gone to a blue screen. Do you think I could still have something nasty on here, or is it just the computer playing up?
thanks
managerme
Regular Member
 
Posts: 15
Joined: April 26th, 2007, 4:51 am

Unread postby chryssi2001 » May 8th, 2007, 8:59 am

Hi managerme,

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


Please post the resulting log here.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Unread postby managerme » May 8th, 2007, 11:17 am

Wasn't sure if I needed the Non-Microsoft option for the files created and modified; I didn't have them ticked for this scan. If I should have, I will redo it.
Thanks for your help.

WinPFind3 logfile created on: 08/05/2007 15:56:25
WinPFind3U by OldTimer - Version 1.0.35 Folder = C:\Documents and Settings\tricia pettit\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1.50 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 69.95% Memory free
2.11 Gb Paging File | 1.77 Gb Available in Paging File | 84.18% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.24 Gb Total Space | 82.30 Gb Free Space | 55.15% Space Free
D: Drive not present or media not loaded
Drive E: | 727.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: LIVINGROOM
Current User Name: tricia pettit
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4163 | Size = 450560 bytes | Modified Date = 15/03/2007 02:48:40 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4163 | Size = 450560 bytes | Modified Date = 15/03/2007 02:48:40 | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5120 | Size = 339968 bytes | Modified Date = 25/08/2004 12:52:00 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 22/04/2007 09:33:16 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 22/04/2007 09:33:16 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 22/04/2007 09:33:18 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 07/11/2006 18:07:34 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
iwctrl.exe -> %ProgramFiles%\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe -> Pinnacle Systems, Inc. [Ver = 4.0.2.7 | Size = 836096 bytes | Modified Date = 12/03/2003 12:56:56 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14/03/2007 03:43:44 | Attr = ]
saservice.exe -> %ProgramFiles%\SiteAdvisor\5020\SAService.exe -> [Ver = | Size = 308824 bytes | Modified Date = 12/01/2007 18:51:10 | Attr = ]
sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe -> [Ver = 2.02.0001 | Size = 233472 bytes | Modified Date = 29/08/2003 12:14:58 | Attr = ]
sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 29/08/2003 20:05:36 | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\5020\SiteAdv.exe -> McAfee, Inc. [Ver = 2.1.1.75 | Size = 35928 bytes | Modified Date = 21/12/2006 21:50:46 | Attr = ]
sstray.exe -> %System32%\sstray.exe -> NVIDIA Corporation [Ver = 1.00.00.0348 | Size = 73728 bytes | Modified Date = 17/06/2003 17:18:46 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 01:01:58 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.35.0 | Size = 319488 bytes | Modified Date = 06/05/2007 09:38:54 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 01:02:00 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 15/08/2005 20:40:58 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4163 | Size = 450560 bytes | Modified Date = 15/03/2007 02:48:40 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 22/03/2007 21:05:00 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 15:13:20 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 22/04/2007 09:33:16 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 07/11/2006 18:07:34 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 351744 bytes | Modified Date = 22/04/2007 09:33:18 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 08:56:48 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 04/01/2007 02:40:22 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 01:41:10 | Attr = ]
(MsaSvc) Microsoft authenticate service [Win32_Own | Disabled | Stopped] -> %System32%\msasvc.exe -> File not found
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\5020\SAService.exe -> [Ver = | Size = 308824 bytes | Modified Date = 12/01/2007 18:51:10 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 09/03/2007 01:01:58 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5120 | Size = 339968 bytes | Modified Date = 25/08/2004 12:52:00 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 22/04/2007 09:33:16 | Attr = ]
IW ControlCenter -> %ProgramFiles%\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe -> Pinnacle Systems, Inc. [Ver = 4.0.2.7 | Size = 836096 bytes | Modified Date = 12/03/2003 12:56:56 | Attr = ]
KernelFaultCheck -> -> File not found
nForce Tray Options -> %System32%\sstray.exe -> NVIDIA Corporation [Ver = 1.00.00.0348 | Size = 73728 bytes | Modified Date = 17/06/2003 17:18:46 | Attr = ]
PinnacleDriverCheck -> %System32%\PSDrvCheck.exe -> [Ver = 1.0.0.50 | Size = 394240 bytes | Modified Date = 28/05/2003 17:37:44 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> File not found
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\5020\SiteAdv.exe -> McAfee, Inc. [Ver = 2.1.1.75 | Size = 35928 bytes | Modified Date = 21/12/2006 21:50:46 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14/03/2007 03:43:44 | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 09/03/2007 01:02:00 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< User Startup > -> C:\Documents and Settings\tricia pettit\Start Menu\Programs\Startup
%UserStartup%\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 29/08/2003 20:05:36 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 15:13:28 | Attr = ]
{81559C35-8464-49F7-BB0E-07A383BEF910} [HKLM] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [SpywareGuard] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 03/08/2003 00:20:58 | Attr = R ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4162 | Size = 114688 bytes | Modified Date = 15/03/2007 02:50:00 | Attr = ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Bar -> http://g.msn.co.uk/0SEENGB/SAOS01 ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://www.ntlworld.com/broadband ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
www_artistrypsp.com [http] -> ->
www_boots.co.uk [http] -> ->
www_game.co.uk [http] -> ->
www_game.co.uk [https] -> ->
www_geocities.com [http] -> ->
www_meshplc.co.uk [http] -> ->
spaces_msn.com [http] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> %ProgramFiles%\SiteAdvisor\5020\SiteAdv.dll [Reg Data - Value does not exist] -> McAfee, Inc. [Ver = 2.1.1.75 | Size = 1087064 bytes | Modified Date = 21/12/2006 21:50:42 | Attr = ]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 03/08/2003 00:24:02 | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> %ProgramFiles%\SiteAdvisor\5020\SiteAdv.dll [McAfee SiteAdvisor] -> McAfee, Inc. [Ver = 2.1.1.75 | Size = 1087064 bytes | Modified Date = 21/12/2006 21:50:42 | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 14/03/2007 03:43:42 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 03:43:40 | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{2F8651DD-96E9-449C-A564-368AA6ACC73F} -> (1394 Net Adapter) ->
{7D542BFB-AAA4-488D-A17A-109B83443DA6} -> () ->
{958E9DA6-6D0B-4F03-A243-0C73AC1680D8} -> (NVIDIA nForce MCP Networking Controller) ->
{A4F3461C-3416-46D2-9361-1C945E68F200} -> (3Com 3C920B-EMB Integrated Fast Ethernet Controller) ->
{AF9100B6-64FE-4C5E-BB63-26C0EE801150} -> (USB Cable Modem 351000) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
siteadvisor -> %ProgramFiles%\SiteAdvisor\5020\SiteAdv.dll -> McAfee, Inc. [Ver = 2.1.1.75 | Size = 1087064 bytes | Modified Date = 21/12/2006 21:50:42 | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b31267.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shoc ... tor/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/ ... ontrol.cab ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/ms ... b56986.cab ->
{215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.6 - CodeBase = http://eu-housecall.trendmicro-europe.c ... hcImpl.cab ->
{2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab ->
{3107C2A8-9F0B-4404-A58B-21BD85268FBC} -> PogoWebLauncher Control - CodeBase = http://game1.pogo.com/cdl/launcher/Pogo ... taller.CAB ->
{33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://www.snapfish.co.uk/SnapfishUKActivia.cab ->
{4B48D5DF-9021-45F7-A240-60304302A215} -> Malicious Software Removal Tool - CodeBase = http://download.microsoft.com/download/ ... leaner.cab ->
{4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} -> InstallShield Setup Player 2K2 - CodeBase = http://www.ipswitch.com/_installs/wsftp_le/setup.exe ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://spaces.msn.com/PhotoUpload/MsnPU ... 10,0,911,0 ->
{5C051655-FCD5-4969-9182-770EA5AA5565} -> Solitaire Showdown Class - CodeBase = http://messenger.zone.msn.com/binary/So ... b56986.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://scan.safety.live.com/resource/do ... se5059.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/Shar ... /cabsa.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... Client.cab ->
{90051A81-3018-4826-8B38-DD60B6B53F9C} -> Snapfish File Upload ActiveX Control - CodeBase = http://www.snapfish.co.uk/SnapfishUKUpload.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan ... asinst.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/C ... 2744444444 ->
{A90A5822-F108-45AD-8482-9BC8B12DD539} -> Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZI ... b32846.cab ->
{BF6BBE9A-0656-4598-A0CD-32DAC03959B5} -> Image Uploader 3.0 Control - CodeBase = http://www.tescophoto.com/wpp/tesco/app/opcuploader.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b56907.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/s ... wflash.cab ->
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -> CPlayFirstDinerDashControl Object - CodeBase = http://clubgames.pogo.com/online2/pogop ... 0.0.80.cab ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/Mi ... b56986.cab ->
6th Street Omaha Poker by pogo -> - CodeBase = http://game1.pogo.com/applet-8.0.1.23/o ... -en_US.cab ->
Blackjack by pogo -> - CodeBase = http://game1.pogo.com/applet-6.8.4.51/b ... -en_US.cab ->
Dice City Roller by pogo -> - CodeBase = http://game1.pogo.com/applet-8.0.1.23/ytz/ytz-en_US.cab ->
Dice Derby by pogo -> - CodeBase = http://game1.pogo.com/applet-8.0.1.23/c ... -en_US.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Double Deuce Poker by pogo -> - CodeBase = http://game1.pogo.com/applet-8.0.0.30/v ... -en_US.cab ->
High Stakes Poker by pogo -> - CodeBase = http://game1.pogo.com/applet-8.0.1.23/d ... -en_US.cab ->
High Stakes Pool by pogo -> - CodeBase = http://game1.pogo.com/applet-6.9.3.49/p ... -en_US.cab ->
Hog Heaven Slots by pogo -> - CodeBase = http://game1.pogo.com/applet-8.0.1.23/f ... -en_US.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
Texas Hold'em Poker by pogo -> - CodeBase = http://game1.pogo.com/applet-8.0.1.23/h ... -en_US.cab ->


[Files/Folders - Created Within 30 days]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 12/04/2007 06:44:25 | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 12/04/2007 06:44:40 | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 12/04/2007 06:45:01 | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 12/04/2007 06:44:18 | Attr = H ]
COM+.log -> %SystemRoot%\COM+.log -> [Ver = | Size = 1448 bytes | Created Date = 27/04/2007 11:09:01 | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12244 | Size = 573503 bytes | Created Date = 25/04/2007 14:01:25 | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12244 | Size = 577536 bytes | Created Date = 25/04/2007 14:01:25 | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 25/04/2007 14:01:25 | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 25/04/2007 14:01:25 | Attr = ]
KB930178.log -> %SystemRoot%\KB930178.log -> [Ver = | Size = 12540 bytes | Created Date = 11/04/2007 06:17:44 | Attr = ]
KB931261.log -> %SystemRoot%\KB931261.log -> [Ver = | Size = 12263 bytes | Created Date = 11/04/2007 06:17:52 | Attr = ]
KB931784.log -> %SystemRoot%\KB931784.log -> [Ver = | Size = 14112 bytes | Created Date = 11/04/2007 06:17:56 | Attr = ]
KB932168.log -> %SystemRoot%\KB932168.log -> [Ver = | Size = 14132 bytes | Created Date = 11/04/2007 06:17:30 | Attr = ]
ntbtlog.txt -> %SystemRoot%\ntbtlog.txt -> [Ver = | Size = 115560 bytes | Created Date = 03/05/2007 08:50:08 | Attr = ]
pxdrvinstall.log -> %SystemRoot%\pxdrvinstall.log -> [Ver = | Size = 15390 bytes | Created Date = 09/04/2007 14:48:23 | Attr = ]
pxinstall_log.txt -> %SystemRoot%\pxinstall_log.txt -> [Ver = | Size = 126345 bytes | Created Date = 09/04/2007 14:47:45 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 07/05/2007 22:49:25 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 07/05/2007 22:49:25 | Attr = H ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 04/05/2007 15:25:11 | Attr = ]
ua2.dll -> %SystemRoot%\ua2.dll -> [Ver = | Size = 77312 bytes | Created Date = 09/04/2007 14:47:32 | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 25/04/2007 10:18:02 | Attr = ]
asfiles.txt -> %System32%\asfiles.txt -> [Ver = | Size = 0 bytes | Created Date = 25/04/2007 10:21:37 | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 25/04/2007 10:18:32 | Attr = ]
ati2sgag.exe -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Created Date = 29/04/2007 13:01:47 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 25/04/2007 10:18:06 | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 04/05/2007 15:24:11 | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 04/05/2007 15:24:11 | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 04/05/2007 15:24:11 | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 04/05/2007 15:24:11 | Attr = ]
jupdate-1.6.0_01-b06.log -> %System32%\jupdate-1.6.0_01-b06.log -> [Ver = | Size = 4027 bytes | Created Date = 04/05/2007 15:24:01 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 25/04/2007 10:18:05 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 25/04/2007 10:18:06 | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 25/04/2007 10:18:32 | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3868 | Size = 69905 bytes | Created Date = 25/04/2007 14:01:25 | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 17/04/2007 15:51:19 | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 26/04/2007 10:29:12 | Attr = RH ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 27/04/2007 18:30:52 | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 09/04/2007 21:43:16 | Attr = R ]
rapport.txt -> %SystemDrive%\rapport.txt -> [Ver = | Size = 1833 bytes | Modified Date = 03/05/2007 09:53:28 | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 05/05/2007 17:41:38 | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 08/05/2007 14:19:02 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 11/04/2007 07:17:58 | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 12/04/2007 07:44:28 | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 12/04/2007 07:44:42 | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 12/04/2007 07:45:04 | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 12/04/2007 07:44:20 | Attr = H ]
0.log -> %SystemRoot%\0.log -> [Ver = | Size = 0 bytes | Modified Date = 08/05/2007 14:19:40 | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 25/04/2007 12:53:30 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 08/05/2007 14:19:00 | Attr = S]
CoD.INI -> %SystemRoot%\CoD.INI -> [Ver = | Size = 766 bytes | Modified Date = 06/05/2007 22:45:04 | Attr = ]
COM+.log -> %SystemRoot%\COM+.log -> [Ver = | Size = 1448 bytes | Modified Date = 27/04/2007 12:09:04 | Attr = ]
comsetup.log -> %SystemRoot%\comsetup.log -> [Ver = | Size = 45052 bytes | Modified Date = 12/04/2007 07:45:20 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 05/05/2007 17:47:18 | Attr = S]
DUMP8201.tmp -> %SystemRoot%\DUMP8201.tmp -> [Ver = | Size = 90112 bytes | Modified Date = 17/04/2007 14:07:00 | Attr = ]
FaxSetup.log -> %SystemRoot%\FaxSetup.log -> [Ver = | Size = 135490 bytes | Modified Date = 12/04/2007 07:45:18 | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12244 | Size = 573503 bytes | Modified Date = 25/04/2007 15:01:26 | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12244 | Size = 577536 bytes | Modified Date = 12/04/2007 17:04:00 | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 25/04/2007 15:01:26 | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 25/04/2007 15:01:26 | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 24/04/2007 23:51:38 | Attr = ]
iis6.log -> %SystemRoot%\iis6.log -> [Ver = | Size = 21834 bytes | Modified Date = 12/04/2007 07:45:20 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 12/04/2007 07:44:52 | Attr = ]
imsins.log -> %SystemRoot%\imsins.log -> [Ver = | Size = 1374 bytes | Modified Date = 12/04/2007 07:45:20 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 29/04/2007 14:04:38 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 04/05/2007 16:24:14 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 08/05/2007 15:50:24 | Attr = ]
KB930178.log -> %SystemRoot%\KB930178.log -> [Ver = | Size = 12540 bytes | Modified Date = 12/04/2007 07:44:38 | Attr = ]
KB931261.log -> %SystemRoot%\KB931261.log -> [Ver = | Size = 12263 bytes | Modified Date = 12/04/2007 07:44:52 | Attr = ]
KB931784.log -> %SystemRoot%\KB931784.log -> [Ver = | Size = 14112 bytes | Modified Date = 12/04/2007 07:45:20 | Attr = ]
KB932168.log -> %SystemRoot%\KB932168.log -> [Ver = | Size = 14132 bytes | Modified Date = 12/04/2007 07:44:24 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 08/05/2007 14:19:02 | Attr = ]
ModemLog_SoftK56 Data Fax Voice Speakerphone CARP.txt -> %SystemRoot%\ModemLog_SoftK56 Data Fax Voice Speakerphone CARP.txt -> [Ver = | Size = 3888 bytes | Modified Date = 08/05/2007 14:19:34 | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 12/04/2007 08:46:48 | Attr = ]
msgsocm.log -> %SystemRoot%\msgsocm.log -> [Ver = | Size = 6798 bytes | Modified Date = 12/04/2007 07:45:20 | Attr = ]
ntbtlog.txt -> %SystemRoot%\ntbtlog.txt -> [Ver = | Size = 115560 bytes | Modified Date = 03/05/2007 09:51:32 | Attr = ]
ntdtcsetup.log -> %SystemRoot%\ntdtcsetup.log -> [Ver = | Size = 27362 bytes | Modified Date = 12/04/2007 07:45:20 | Attr = ]
ocgen.log -> %SystemRoot%\ocgen.log -> [Ver = | Size = 64152 bytes | Modified Date = 12/04/2007 07:45:20 | Attr = ]
ocmsn.log -> %SystemRoot%\ocmsn.log -> [Ver = | Size = 7524 bytes | Modified Date = 12/04/2007 07:45:20 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 08/05/2007 15:55:46 | Attr = ]
pxdrvinstall.log -> %SystemRoot%\pxdrvinstall.log -> [Ver = | Size = 15390 bytes | Modified Date = 09/04/2007 21:43:12 | Attr = ]
pxinstall_log.txt -> %SystemRoot%\pxinstall_log.txt -> [Ver = | Size = 126345 bytes | Modified Date = 09/04/2007 21:43:24 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 07/05/2007 23:49:26 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 07/05/2007 23:49:26 | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 27/04/2007 12:04:00 | Attr = ]
SchedLgU.Txt -> %SystemRoot%\SchedLgU.Txt -> [Ver = | Size = 32654 bytes | Modified Date = 08/05/2007 00:09:04 | Attr = ]
setupact.log -> %SystemRoot%\setupact.log -> [Ver = | Size = 1800 bytes | Modified Date = 07/05/2007 23:50:30 | Attr = ]
setupapi.log -> %SystemRoot%\setupapi.log -> [Ver = | Size = 278212 bytes | Modified Date = 05/05/2007 17:47:18 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 25/04/2007 13:00:44 | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 04/05/2007 16:25:12 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 285 bytes | Modified Date = 27/04/2007 18:30:52 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 04/05/2007 16:24:12 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 08/05/2007 14:22:16 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 08/05/2007 15:55:38 | Attr = ]
tsoc.log -> %SystemRoot%\tsoc.log -> [Ver = | Size = 51898 bytes | Modified Date = 12/04/2007 07:45:20 | Attr = ]
ua2.dll -> %SystemRoot%\ua2.dll -> [Ver = | Size = 77312 bytes | Modified Date = 09/04/2007 15:47:34 | Attr = ]
updspapi.log -> %SystemRoot%\updspapi.log -> [Ver = | Size = 10896 bytes | Modified Date = 12/04/2007 07:44:34 | Attr = ]
wiadebug.log -> %SystemRoot%\wiadebug.log -> [Ver = | Size = 159 bytes | Modified Date = 08/05/2007 14:19:26 | Attr = ]
wiaservc.log -> %SystemRoot%\wiaservc.log -> [Ver = | Size = 48 bytes | Modified Date = 08/05/2007 14:19:22 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 802 bytes | Modified Date = 06/05/2007 23:01:50 | Attr = ]
WindowsUpdate.log -> %SystemRoot%\WindowsUpdate.log -> [Ver = | Size = 1126988 bytes | Modified Date = 08/05/2007 14:19:34 | Attr = ]
WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 16 bytes | Modified Date = 29/04/2007 13:57:46 | Attr = ]
wmsetup.log -> %SystemRoot%\wmsetup.log -> [Ver = | Size = 19099 bytes | Modified Date = 11/04/2007 10:53:00 | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 08/05/2007 14:22:16 | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 08/05/2007 14:19:04 | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 25/04/2007 13:00:48 | Attr = ]
asfiles.txt -> %System32%\asfiles.txt -> [Ver = | Size = 0 bytes | Modified Date = 25/04/2007 11:21:38 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 29/04/2007 14:01:38 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 08/05/2007 14:22:20 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 25/04/2007 13:01:10 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 29/04/2007 14:01:46 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 29/04/2007 14:01:40 | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 02/05/2007 19:20:30 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 25/04/2007 11:18:08 | Attr = ]
jupdate-1.6.0_01-b06.log -> %System32%\jupdate-1.6.0_01-b06.log -> [Ver = | Size = 4027 bytes | Modified Date = 04/05/2007 16:24:12 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 25/04/2007 11:18:06 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 05/05/2007 17:41:38 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2378 bytes | Modified Date = 03/05/2007 09:52:42 | Attr = ]
tmp.txt -> %System32%\tmp.txt -> [Ver = | Size = 0 bytes | Modified Date = 03/05/2007 09:52:42 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 25/04/2007 11:18:08 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49617 bytes | Modified Date = 08/05/2007 14:19:46 | Attr = H ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 25/04/2007 13:03:22 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 12598 bytes | Modified Date = 08/05/2007 14:20:06 | Attr = ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 25/04/2007 13:03:40 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 28/04/2007 09:32:42 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 22/04/2007 09:33:08 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 08/05/2007 11:17:54 | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3868 | Size = 69905 bytes | Modified Date = 25/04/2007 15:01:26 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\choice.exe -> [Ver = | Size = 21312 bytes | Modified Date = 21/12/1999 07:58:02 | Attr = ]
@Alternate Data Stream - 4348 bytes -> %SystemRoot%\MESH_SKY.BMP:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\MESH_SKY.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
Umonitor , -> %SystemRoot%\pxinstall_log.txt -> [Ver = | Size = 126345 bytes | Modified Date = 09/04/2007 21:43:24 | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 29/08/2002 13:00:00 | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 5904 bytes -> %System32%\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc ->
@Alternate Data Stream - 0 bytes -> %System32%\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ->
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 29/08/2002 13:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 28/04/2007 09:32:42 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 06:41:38 | Attr = ]

< End of report >
managerme
Regular Member

Unread postby chryssi2001 » May 9th, 2007, 1:07 am

Hi managerme,

I need some time to review the report and I'll be back. Be patient.
Thank you. :)
chryssi2001
MRU Teacher Emeritus

Unread postby chryssi2001 » May 10th, 2007, 8:59 am

Hi managerme,

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Win32 Services - Non-Microsoft Only]
YY -> (MsaSvc) Microsoft authenticate service [Win32_Own | Disabled | Stopped] -> %System32%\msasvc.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> KernelFaultCheck ->
< Internet Explorer Settings > ->
YN -> HKLM: Local Page -> C:\windows\system32\blank.htm
YN -> HKCU: Local Page -> C:\windows\system32\blank.htm
[Files/Folders - Modified Within 30 days]
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
NY -> imsins.log -> %SystemRoot%\imsins.log


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system.
---------------------------------------
HOW TO VIEW HIDDEN FILES/FOLDERS
http://www.bleepingcomputer.com/tutorials/tutorial62.html

Windows XP
Reconfigure Windows XP to show hidden files:
To enable the viewing of hidden files, follow these steps:

  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button, and shut down My Computer.
  • Now your computer is configured to show all hidden files.


Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following files; if found, delete them (some may not be present after the previous steps):

c:\windows\system32\msasvc.exe
c:\windows\system\imsins.BAK
c:\windows\system\imsins.log
---------------------------------------
After doing this, please describe whether you get any messages when your computer freezes or when you get the BSOD, and what they say.

Now if the computer behaves well after this, wait a couple of days and please describe messages, if they still appear, and tell us if your computer freezes.
chryssi2001
MRU Teacher Emeritus
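An added PowerShell check (my own code, not the thread's and not part of WinPFind3U) that re-reads the locations this fix edited and the files it asked the user to delete, so the result can be confirmed after the reboot. It assumes PowerShell 3 or later, which is newer than the XP machine in the thread, and takes the item names (MsaSvc, KernelFaultCheck, Local Page, msasvc.exe, imsins.BAK/.log) from the fix above.

```powershell
# Added example, not from the thread or WinPFind3U: re-check the persistence
# locations the fix above edited (Run keys, IE "Local Page", services) and the
# files it asked for. Item names come from the fix; the functions are my own.
function Get-PersistenceSnapshot {
    $items = @()
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($hive in 'HKLM', 'HKCU') {
        $runKey = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        if (Test-Path $runKey) {
            # Every value under Run is an autostart entry; skip provider metadata.
            foreach ($p in (Get-ItemProperty $runKey).PSObject.Properties) {
                if ($p.Name -notin $meta) {
                    $items += [pscustomobject]@{ Type = 'Run'; Name = $p.Name; Value = $p.Value }
                }
            }
        }
        # "Local Page" is the IE blank-page override the fix removed.
        $ie = Get-ItemProperty "${hive}:\SOFTWARE\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue
        if ($ie.'Local Page') {
            $items += [pscustomobject]@{ Type = 'IE Local Page'; Name = $hive; Value = $ie.'Local Page' }
        }
    }
    # Services whose binary is not Microsoft-signed, like the "Non-Microsoft Only" section.
    foreach ($svc in Get-CimInstance Win32_Service) {
        $exe = if ($svc.PathName -match '^"?(.+?\.exe)') { $Matches[1] } else { $null }
        $signer = if ($exe -and (Test-Path $exe)) {
            (Get-AuthenticodeSignature $exe).SignerCertificate.Subject
        } else { 'unknown (file missing)' }
        if ($signer -notlike '*Microsoft*') {
            $items += [pscustomobject]@{ Type = 'Service'; Name = $svc.Name
                Value = "$($svc.PathName) [$($svc.StartMode)/$($svc.State)] signer=$signer" }
        }
    }
    return $items
}

function Test-FixApplied {
    # $true only when every service, value and file the fix targeted is gone.
    $left = Get-PersistenceSnapshot | Where-Object {
        ($_.Type -eq 'Service' -and $_.Name -eq 'MsaSvc') -or
        ($_.Type -eq 'Run' -and $_.Name -eq 'KernelFaultCheck') -or
        ($_.Type -eq 'IE Local Page' -and $_.Value -like '*\blank.htm')
    }
    $files = "$env:SystemRoot\system32\msasvc.exe", "$env:SystemRoot\imsins.BAK", "$env:SystemRoot\imsins.log" |
        Where-Object { Test-Path $_ }
    $left | Format-Table -AutoSize | Out-Host
    $files | ForEach-Object { Write-Host "still present: $_" }
    return (@($left).Count -eq 0 -and @($files).Count -eq 0)
}
```

Run `Get-PersistenceSnapshot` first to see the same three categories the tool reported, then `Test-FixApplied` to get a single yes/no on whether the fix items are gone.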

Unread postby managerme » May 10th, 2007, 10:34 am

Here is the log from WinPFind. It didn't ask me to reboot, but I did anyway, but I couldn't find any of the 3 files.

[Win32 Services - Non-Microsoft Only]
Service MsaSvc stopped successfully.
Service MsaSvc deleted successfully.
File C:\WINDOWS\SYSTEM32\msasvc.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\imsins.BAK moved successfully.
C:\WINDOWS\imsins.log moved successfully.
< End of log >
Created on 05/10/2007 15:22:13
managerme
Regular Member
