Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

hijack this log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

hijack this log

Unread postby B capewell » August 31st, 2006, 4:28 am

Logfile of HijackThis v1.99.1
Scan saved at 09:05:03, on 31/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Advanced WindowsCare] "C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5729683109
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7468CB6-1AED-4C86-AAA7-EFDFBC7F2BFC}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
B capewell
Active Member
 
Posts: 7
Joined: August 31st, 2006, 4:18 am
Advertisement
Register to Remove

Unread postby dan12 » August 31st, 2006, 8:37 am

HiB capewell and welcome to malwareremoval forums

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience!
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby dan12 » August 31st, 2006, 1:18 pm

Hi B capewell I dont see alot going on in your log can you tell me what problems you have been having?

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Extended (If available otherwise Standard)
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next post please include a new hjt log the kaspersky log and what problems you have.
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

ive tried doing what you said

Unread postby B capewell » September 1st, 2006, 10:40 am

it took 10hrs pc has now gone that slow, it said 1 virus fount and, and 2 suspect files its taken 30 mins to type this, spybot has also kicked in (dont know why) saying ive got a graybird.backdoor.gen please help , or give this computer some wings as it might be going throughmy window
B capewell
Active Member
 
Posts: 7
Joined: August 31st, 2006, 4:18 am

Unread postby dan12 » September 1st, 2006, 12:23 pm

Hi B.Capewell

Download WinPFind2
  • Open the newly made WinPFind2 folder on your Desktop
  • Double click winpfind2.exe
  • Click the Select All button in the File Options box
  • Click the Run All Scans button
  • When the scan is done you will see Scans Complete! at the bottom left of the tool
  • Click the Simple Report button
  • Notepad will open up with the results of the scan



*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.


Please download and install Ewido Anti-Spyware
  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This in very important to get updates
  • When updating has finished. Close Ewido.



Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner
  • Click on the Settings tab.
  • Under How to act ?Click on Recommended Action and choose Quarantine from the popup menu.
  • Under How to scan?All checkboxes should be ticked.
  • Under Possibly unwanted software: All checkboxes should be ticked.
  • Under Reports:Select Automatically generate report after every scan and uncheck Only if threats were found.
  • Under What to scan?Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished:
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button. (3)

    Image
  • When done, click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.


Please include new HJT log plus ewido Log and kaspersky log plus the winpfind log
in your next post
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

still going slow if anything slowing down

Unread postby B capewell » September 3rd, 2006, 3:32 am

hi mate,
Ewidow fount nothing after a 12hr scan, spydoctor fount 'backdoor.graybird' but i think thats a spoof, at the moment cant get winpfind2p to work, i will try that again, i will keep you posted

Logfile of HijackThis v1.99.1
Scan saved at 08:30:05, on 03/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgin.net/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Advanced WindowsCare] "C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net/
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5729683109
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7468CB6-1AED-4C86-AAA7-EFDFBC7F2BFC}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
B capewell
Active Member
 
Posts: 7
Joined: August 31st, 2006, 4:18 am

Hope you find something

Unread postby B capewell » September 5th, 2006, 3:23 pm

Here is my Winpfind2 report




Logfile created on: 09/05/2006 20:20
WinPFind2 by OldTimer - Version 1.0.8 Folder = C:\Documents and Settings\user\Desktop\winpfind2\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< Processes (Non-Microsoft Only) >
c:\program files\iobit\advanced windowscare v2\autoupdate.exe - (IObit )
c:\progra~1\grisoft\avg free\avgamsvr.exe - (GRISOFT, s.r.o. )
c:\program files\grisoft\avg free\avgcc.exe - (GRISOFT, s.r.o. )
c:\progra~1\grisoft\avg free\avgemc.exe - (GRISOFT, s.r.o. )
c:\progra~1\grisoft\avg free\avgupsvc.exe - (GRISOFT, s.r.o. )
c:\program files\iobit\advanced windowscare v2\awc.exe - (IObit )
c:\program files\ewido anti-spyware 4.0\ewido.exe - (Anti-Malware Development a.s. )
c:\program files\ewido anti-spyware 4.0\guard.exe - (Anti-Malware Development a.s. )
c:\documents and settings\user\desktop\winpfind2\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM->Main\\Default_Page_URL - http://www.virgin.net/
HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM->Main\\Local Page - C:\WINDOWS\system32\blank.htm
HKCU->Main\\Start Page - http://www.virgin.net/
HKCU->Main\\Search Bar - http://www.google.com/ie
HKCU->Main\\Search Page - http://www.google.com
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://www.google.com/ie
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride -

[>> BHO's <<]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar2.dll (Google Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 - Sun Java Console
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8196 - Reg Data missing or invalid
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 - Windows Messenger
NextId - 8197

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - MenuText: = Reg Data missing or invalid (File not found))
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[HKCU-> Internet Explorer Menu Extensions]
&Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html (Google Inc. )
&Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html (Google Inc. )
Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html (Google Inc. )
Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html (Google Inc. )
Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html (Google Inc. )
Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html (Google Inc. )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
* - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
Directory - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
Folder - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]

[>> Registry Run Keys <<]
HKLM->Run\\Advanced WindowsCare - "C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup (IObit )
HKLM->Run\\Windows Defender - "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation )

[>> Startup Lnks <<]
HKLM->Common Startup - desktop.ini - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ( )
HKCU->Startup - desktop.ini - C:\Documents and Settings\user\Start Menu\Programs\Startup\desktop.ini ( )

[>> Disabled MSConfig Items <<]
StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk.disabled - Picture Package Menu.lnk = (File not found))
StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk.disabled - Picture Package VCD Maker.lnk = (File not found))
StartUpReg\adwarealert - AdwareAlert = (File not found))
StartUpReg\AVG7_CC - avgcc = (File not found))
StartUpReg\ccApp - ccApp = (File not found))

[>> User Agent Post Platform <<]
SV1 -
VNIE5 RefIE5 - IEAK

[>> AppInit DLLs <<]

[>> Image File Execution Options <<]
Your Image File Name Here without a path - Debugger = ntsd -d

[>> Shell Service Object Delay Load <<]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

[>> Shell Execute Hooks <<]
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WINDOW~2\MpShHook.dll (Microsoft Corporation )
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[>> Shared Task Scheduler <<]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )

[>> Winlogon <<]
UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
Shell - Explorer.exe (Microsoft Corporation )
System - (File not found))
Notify\WgaLogon - (File not found))

[>> DNS Name Servers <<]
{697A2659-49F6-471F-9807-BD59D1C0F024} - ()
{D834582F-4B91-4F98-A793-A5827E4BD469} - (Intel(R) PRO/100 VM Network Connection)

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found))
msdaipp - (File not found))

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
AVG7 Alert Manager Server (Avg7Alrt) - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
AVG7 Update Service (Avg7UpdSvc) - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
AVG E-mail Scanner (AVGEMS) - C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
ewido anti-spyware 4.0 guard (ewido anti-spyware 4.0 guard) - C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]

< Files >

%SystemDrive%

%ProgramFilesDir%

%WinDir%

%System%
C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 08/23/2001 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\LegitCheckControl.dll - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 06/19/2006 16:19 | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.19.1567.0 | Size = 8325544 bytes | Date = 08/09/2006 20:03 | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.19.1567.0 | Size = 8325544 bytes | Date = 08/09/2006 20:03 | Attr = ])
C:\WINDOWS\SYSTEM32\ntbackup.exe - WSUD (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 08/23/2001 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\WgaTray.exe - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 16:19 | Attr = ])

%System%\Drivers folder and sub-folders
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - UPX! (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/21/2006 20:02 | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - FSG! (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/21/2006 20:02 | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - PEC2 (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/21/2006 20:02 | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - aspack (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/21/2006 20:02 | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys - PTech (Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Date = 08/04/2004 06:41 | Attr = ])

%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 09/04/2006 16:53 | Attr = S])
C:\WINDOWS\system32\afdbded4_s.dll - ( [Ver = | Size = 5 bytes | Date = 07/29/2006 20:53 | Attr = HS])
C:\WINDOWS\system32\AuxDrv32ds_d.ods - ( [Ver = | Size = 5 bytes | Date = 07/29/2006 20:47 | Attr = HS])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat - ( [Ver = | Size = 23751 bytes | Date = 07/28/2006 13:16 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat - ( [Ver = | Size = 10337 bytes | Date = 07/27/2006 15:00 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat - ( [Ver = | Size = 10925 bytes | Date = 07/21/2006 10:03 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat - ( [Ver = | Size = 13050 bytes | Date = 07/13/2006 15:24 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat - ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 17:13 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat - ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 16:53 | Attr = S])
C:\WINDOWS\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/05/2006 16:08 | Attr = H ])
C:\WINDOWS\system32\config\DEFAULT.rrr.LOG - ( [Ver = | Size = 0 bytes | Date = 08/16/2006 18:04 | Attr = H ])
C:\WINDOWS\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/04/2006 16:57 | Attr = H ])
C:\WINDOWS\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/04/2006 17:09 | Attr = H ])
C:\WINDOWS\system32\config\software.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/05/2006 19:28 | Attr = H ])
C:\WINDOWS\system32\config\SOFTWARE.rrr.LOG - ( [Ver = | Size = 0 bytes | Date = 08/16/2006 18:04 | Attr = H ])
C:\WINDOWS\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/05/2006 16:19 | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG - ( [Ver = | Size = 1024 bytes | Date = 08/28/2006 13:42 | Attr = H ])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\f46de8a3-9ad1-4793-a92c-d166019c893c - ( [Ver = | Size = 388 bytes | Date = 07/31/2006 05:09 | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred - ( [Ver = | Size = 24 bytes | Date = 07/31/2006 05:09 | Attr = HS])
C:\WINDOWS\Tasks\MP Scheduled Scan.job - ( [Ver = | Size = 330 bytes | Date = 09/05/2006 00:00 | Attr = H ])
C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 09/04/2006 17:01 | Attr = H ])
C:\WINDOWS\Temp\MpCmdRun-43-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock - ( [Ver = | Size = 0 bytes | Date = 09/04/2006 00:00 | Attr = H ])
C:\WINDOWS\Temp\MpCmdRun-43-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock - ( [Ver = | Size = 0 bytes | Date = 09/04/2006 00:00 | Attr = H ])
CPL files -
C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49265 bytes | Date = 11/10/2005 13:03 | Attr = ])
C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/23/2001 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/23/2001 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\nwc.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08/23/2001 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/23/2001 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 05:16 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/23/2001 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/23/2001 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08/23/2001 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl - (Microsoft Corporation [Ver = 5.1.4111.00 (xpsp_sp2_rtm.040803-2158) | Size = 155648 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/23/2001 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 08:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 05:16 | Attr = ])

AllUsers Startup Folder
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 05/01/2004 17:26 | Attr = HS])

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 04/30/2004 18:09 | Attr = HS])

CurrentUser Startup Folder
C:\Documents and Settings\user\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 05/01/2004 17:26 | Attr = HS])

CurrentUser ApplicationData Folder
C:\Documents and Settings\user\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 04/30/2004 18:09 | Attr = HS])
C:\Documents and Settings\user\Application Data\ViewerApp.dat - ( [Ver = | Size = 284 bytes | Date = 01/03/2006 18:16 | Attr = ])

DPF files
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partne ... nicode.cab
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://download.ewido.net/ewidoOnlineScan.cab
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - YInstStarter Class - CodeBase = http://us.dl1.yimg.com/download.yahoo.c ... 040510.cab
{4B48D5DF-9021-45F7-A240-60304302A215} - Malicious Software Removal Tool - CodeBase = http://download.microsoft.com/download/ ... leaner.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 5729683109
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - SABScanProcesses Class - CodeBase = http://www.superadblocker.com/activex/sabspx.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab

Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright (c) 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -

< End of report >
B capewell
Active Member
 
Posts: 7
Joined: August 31st, 2006, 4:18 am

Unread postby dan12 » September 7th, 2006, 7:36 am

Hi B capewell
Please note
Regarding the scans I am asking for I only have your interpretation of the results.
If I dont have the full scan reports to research your problems I'm going around blind.
I need something to research and look into.
I appreciate you say your having problems with the scans, but am very supprised ewido never even picked up at least a tracking cookie or two.
You say
the kaspersky scan found one virus and two "suspect" files,
again I need the log to see where these files are ( file paths etc,) are you allowing the scans to finish?
All I have to go on is that you say the pc is slow, but it would be helpfull if you can tell me when your problems started, the specifacation of your machine,what size HDD, how much ram you have,free disk space etc all these things help me to help you.
I hope you can appreciate where I'm having difficulties helping you. I'm here to help you rule out malware from your machine which I'm happy to do.
Once i have done that if you still have problems we are looking at hardware\software issues which I would advise a couple of sites that could further help with your problems and get it resolved quickly for you.

----------------
Ok,
I need you to submit some file(s).
put these files in one at a time and wait for the results, when you first go there, you may have to wait a short period, again be patient the upload file button may be grayed out.
when its ready to scan it will not be grayed out.

* Please go to Jotti's malware scan
* Copy and paste the following file path into the File to upload & scan box on the top of the page:

C:\WINDOWS\system32\afdbded4_s.dll
C:\WINDOWS\system32\AuxDrv32ds_d.ods



* Click on the Submit button
* Please post the results in your next reply.
.........................................
All though this, ( Advanced Windows Care ) is not malware and is a legitamate file it's known to cause problems with system restore and other system functions; therefore, we advise its removal.
If you find it makes no difference in the system's performance, and it's something you really feel you need then it can be reinstalled.
I you need this then Ignore this instruction.

I want you to go to add and remove programs and delete Advanced Windows Care
Delete programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present). It could be that they have a space or something between it, but it has to look like it:
  • Advanced Windows Care


Dare I ask for scan reports for ewido and kaspersky scans in your next post.:D
regards dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Hope this helps you Dan

Unread postby B capewell » September 12th, 2006, 3:51 pm

Sorry its taken me so long, what with work and a 19 month old princess (Daughter) spare times are few and far between, even more so when your pc is going slower than the snail going up my window. Hope this helps all i use the pc for is photos and video editing of little daughter so im getting to the end of my tether.
ewido anti-spyware - Scan Report
---------------------------------------------------------
Ewidos scan.

+ Created at: 19:44:35 08/09/2006

+ Scan result:



C:\Documents and Settings\user\Cookies\user@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).


::Report end
AND THE OTHER REPORT ! (FINGERS CROSSED) THIS IS THE ONE THATS SAYING 1 INFECTED AND 2 SUSPECT
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 12, 2006 8:45:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/09/2006
Kaspersky Anti-Virus database records: 209544
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 26610
Number of viruses found: 1
Number of infected objects: 0 / 0
Number of suspicious objects: 2
Duration of the scan process: 07:11:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdwareAlert.zip/Progress.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdwareAlert.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7953800F-CA16-4025-996A-4F6C98376361}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FDA863B3-E26A-4AC1-9882-5F2EA8C06B3B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
i HAVE ALSO REMOVED THE WINDOW CARE THING AND THE PROBLEM THAT EWIDOW FOUND I PUT IN QUARATINE.

HOPE THIS IS OF SOME HELP, AND THANKS FOR YOUR TIME , AND EFFORT.
BEN
B capewell
Active Member
 
Posts: 7
Joined: August 31st, 2006, 4:18 am

Unread postby dan12 » September 12th, 2006, 5:43 pm

Thanks for your scans, have you the results of the Jottie's scan for the two files I asked?
Thanks dan. :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

SORRY MATE I FORGOT JOTTIS

Unread postby B capewell » September 13th, 2006, 4:38 pm

THESE ARE THE SCAN REPORTS, BUT FOR LOVE NOR MONEY I CANT UNDERSTAND, WHY THESE FILES, AND WHY TO SCAN THEM, BUT ANY WAY YOU GUYS ARE THE EXPERTS. BY THE WAY TONIGHT MY PC IS GOING LIKE A ROCKET, NORMALLY WHEN I TRY TO OPEN E-MAILS, IT TAKES ABOUT 3 MINS TO OPEN AND RECIVE, BUT TONIGHT WAS INSTANT, IF IT IS SOME BODY WATCHING (IF THATS WHATS HAPPENING) WILL IT SLOW THINGS DOWN WHEN THEY ARE, AND WHEN THEY ARE NOT IM TROUBLE FREE. (IS THIS HOW MALWARE, TROJANS ETC WORK ?)
----------------------------------------------------------------------------
afdbded4_s.dll

Scanner Malware name
AntiVir Backdoor-Server/Bifrose.ZtB backdoor
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web X
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control Bifrose.D
UNA X
VirusBuster X
VBA32 X
---------------------------------------------------------------------------------
Service load: 0% 100%

File: AuxDrv32ds_d.ods
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 d5c8481ca854334c0a5621e08afdc272
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
-----------------------------------------------------------------------
HOPE THIS IS OF HELP MATE, I THINK I KNOW WHERE YOU ARE COMMING FROM WITH THESE SCANS.

HAVE WE NOW CONFIRMED THAT THE FILE 'afdbded4_s.dll' IS A KNOWN PROBLEM WITH SOME SCANNERS, SO RATHER THAN USING EACH SCANNER, 'YOU' HAVE SEEN A SUSPECT FILE AND THEN ASKED THE SCANNING PROGRAMS IF THIS IS A PROBLEM , (AS I PUT IT)

THANKS AGAIN MATE FOR YOUR TIME !
B capewell
Active Member
 
Posts: 7
Joined: August 31st, 2006, 4:18 am

Unread postby dan12 » September 14th, 2006, 1:38 pm

Hi B capewell,
I hope now you can see why I ask for different scans, some look deeper into the windows system to assist me to research the returned logs.
Had i not asked for you to upload those files, that you said "BUT FOR LOVE NOR MONEY I CANT UNDERSTAND, WHY THESE FILES, AND WHY TO SCAN THEM," we would not of uncovered the backdoor trojan.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed,information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Should you have any questions, please feel free to ask.
--------------------------------


Download the Killbox.
Unzip it to the desktop

Double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\WINDOWS\system32\afdbded4_s.dll
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.

can you do me a further ewido scan and a kaspersky scanand I would like a winpfind scan as well if you have not got the program anymore
follow this
Download WinPFind2.
  • Open the newly made WinPFind2 folder on your Desktop
  • Double click winpfind2.exe
  • Click the Select All button in the File Options box
  • Click the Run All Scans button
  • When the scan is done you will see Scans Complete! at the bottom left of the tool
  • Click the Simple Report button
  • Notepad will open up with the results of the scan



Please include new HJT log plus ewido Log and kaspersky scan
in your next post plus the winpfind log
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Unread postby Nick-YF19 » September 28th, 2006, 2:48 am

Glad we could be of assistance.

This topic is now closed. If you wish it
reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 299 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware