Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need Help removing these !!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Need Help removing these !!

Unread postby unlv » April 27th, 2006, 11:27 pm

Adware CMD Service
New Net
Surf side kick & whatever else !!

Here is my Hijack Log :

Logfile of HijackThis v1.99.1
Scan saved at 11:14:26 PM, on 4/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RGF2aWQ\command.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\WINDOWS\ms03263117741.exe
C:\WINDOWS\pop06ap2.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
C:\WINDOWS\system32\YSTEM~1\services.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Dave\Application Data\s?stem\winword.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qpqkp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,clxobon.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: ohb - {49256FE8-6394-4ACE-939C-22F35CA042AD} - (no file)
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~2\PopUp.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O2 - BHO: (no name) - {E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F} - C:\WINDOWS\system32\gebxx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [ms03263117741] C:\WINDOWS\ms03263117741.exe
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [w881dfb7.dll] RUNDLL32.EXE w881dfb7.dll,I2 0009ac120881dfb7
O4 - HKLM\..\Run: [ms05311774126] C:\WINDOWS\ms05311774126.exe
O4 - HKLM\..\Run: [axexph] C:\WINDOWS\system32\agagqj.exe reg_run
O4 - HKLM\..\Run: [eyvommuA] C:\WINDOWS\eyvommuA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
O4 - HKCU\..\Run: [Aurr] "C:\WINDOWS\system32\YSTEM~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Alsu] C:\Documents and Settings\Dave\Application Data\s?stem\winword.exe
O4 - HKCU\..\Run: [vular] C:\WINDOWS\system32\agagqj.exe reg_run
O4 - HKCU\..\Run: [unipl4] C:\WINDOWS\system32\unipl4.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: gebxx - C:\WINDOWS\SYSTEM32\gebxx.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGF2aWQ\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm
Advertisement
Register to Remove

Unread postby agrarianmonk » April 28th, 2006, 3:58 am

Hi,

I'm checking your log now and will be back as soon as I have researched all of the items.

thanks for your patience,
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby agrarianmonk » April 28th, 2006, 10:04 am

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

in your next post, please include
  • new hijackthis log
  • c:\vundofix.txt
  • uninstall list
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Here You Go !!

Unread postby unlv » April 28th, 2006, 10:36 am

Logfile of HijackThis v1.99.1
Scan saved at 10:31:41 AM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RGF2aWQ\command.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\WINDOWS\ms03263117741.exe
C:\WINDOWS\pop06ap2.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
C:\WINDOWS\system32\YSTEM~1\services.exe
C:\Documents and Settings\Dave\Application Data\s?stem\winword.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qpqkp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,clxobon.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000010} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: ohb - {49256FE8-6394-4ACE-939C-22F35CA042AD} - (no file)
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~2\PopUp.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [ms03263117741] C:\WINDOWS\ms03263117741.exe
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [w881dfb7.dll] RUNDLL32.EXE w881dfb7.dll,I2 0009ac120881dfb7
O4 - HKLM\..\Run: [ms05311774126] C:\WINDOWS\ms05311774126.exe
O4 - HKLM\..\Run: [axexph] C:\WINDOWS\system32\agagqj.exe reg_run
O4 - HKLM\..\Run: [eyvommuA] C:\WINDOWS\eyvommuA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
O4 - HKCU\..\Run: [Aurr] "C:\WINDOWS\system32\YSTEM~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Alsu] C:\Documents and Settings\Dave\Application Data\s?stem\winword.exe
O4 - HKCU\..\Run: [vular] C:\WINDOWS\system32\agagqj.exe reg_run
O4 - HKCU\..\Run: [unipl4] C:\WINDOWS\system32\unipl4.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGF2aWQ\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

ActionReplay Xbox
Active WMA Studio version 1.2
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0
Advanced WMA Workshop version 2.1
Balloons And Mountains
BitComet 0.60
BitLord 1.1
CCE SP Trial Version
CCleaner (remove only)
Channel Master
C-Media WDM Audio Driver
Coral Reef 3D
coverXP (remove only)
DAEMON Tools
Defender Pro Anti Spam
Defender Pro Anti-Virus
Defender Pro Firewall
Defender Pro PC Toolbox
DefenderPro AntiSpy
DIKO 0.78 Beta 1
DIKO Menu Image Creator 0.064
DivX
DivX Player
DivxToDVD 1.99.21
DVD Decrypter (Remove Only)
DVD Shrink 3.2
dvdSanta 4.00
EA SPORTS online 2006
Easy MP3 Recorder v3.00
ewido anti-malware
EZ Label Xpress Lite
HijackThis 1.99.1
HP Photo and Imaging 1.0 - HP Photosmart Printer Series
HP Photo and Imaging 1.0 - Scanjet 3500c Series
iPod for Windows 2005-09-23
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 8
LimeWire PRO 4.9.20
Macromedia Flash Player 8
Magic ISO Maker v5.0 (build 0166)
MainConcept MPEG Encoder
Microsoft .NET Framework 1.1
Microsoft .NET Framework SDK (English) 1.1
Microsoft Streets and Trips 2005
Mozilla Firefox (1.0.4)
MP3 Audio Recorder
MSN Music Assistant
My Wal-Mart Digital Photo Center
NBA LIVE 06
Nero 6 Ultra Edition
NVIDIA Drivers
Out of the Park Baseball 6.51a
PeerGuardian 2.0
Photosmart Printer 130,230,7150,7350,7550 (Remove only)
PowerDVD
QuickTime
RealPlayer
River Past Video Cleaner Pro
Sea Turtle Paradise Screen Saver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SmartFTP Client
Spybot - Search & Destroy 1.4
SUPER © Version 2006.17
Super DVD Creator 8.0
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VideoLAN VLC media player 0.8.4-test1a
VobSub v2.05 (Remove Only)
Winamp (remove only)
WinAVI Video Capture 2.0
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
XviD 1.1 final uninstall


VundoFix V4.2.72

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 10:24:07 AM 4/28/2006

Listing files found while scanning....

C:\WINDOWS\system32\gebxx.dll

Attempting to delete C:\WINDOWS\system32\gebxx.dll
C:\WINDOWS\system32\gebxx.dll Could not be deleted.

Performing Repairs to the registry.
Done!
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Sorry !!

Unread postby unlv » April 28th, 2006, 11:02 am

Off to work will be back around 10pm est.

Thanks !!
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Unread postby agrarianmonk » April 28th, 2006, 1:22 pm

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4


The following are optional; however, anytime you are running any type of p2p program you are MUCH more prone to infection by malware. Your current infections are most likely due to p2p use..

BitComet 0.60
BitLord 1.1
LimeWire PRO 4.9.20
.

1. I notice you already have Ewido installed:
    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Image and select alcanshorty.bfu
  • Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.

***********************************

Download FindQoologic.zip save it to your C:\.
http://downloads.subratam.org/Lon/FindQool.zip

Extract (unzip) the files inside into their own folder called FindQool.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompre ... ation.html

This folder should be present on your C:\
In case it's not present there, move the FindQool folder to C:\ otherwise it won't work.
Then open the FindQool folder.
Locate and double-click the Qlocate.bat file to run it.

This will scan your system.
Wait until a text opens.
Post this in your next reply

***************************************

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*************************************
In your next post, please include:
  • new HijackThis log
  • FindQool log
  • Ewido log
  • Kaspersky Log


*use separate posts to ensure that the logs don't get cut off!
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Here !!

Unread postby unlv » April 29th, 2006, 1:24 am

Logfile of HijackThis v1.99.1
Scan saved at 1:24:13 AM, on 4/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\WINDOWS\pop06ap2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\WINDOWS\system32\YSTEM~1\services.exe
C:\Documents and Settings\Dave\Application Data\s?stem\winword.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qpqkp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,clxobon.exe
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~2\PopUp.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [w881dfb7.dll] RUNDLL32.EXE w881dfb7.dll,I2 0009ac120881dfb7
O4 - HKLM\..\Run: [ms05311774126] C:\WINDOWS\ms05311774126.exe
O4 - HKLM\..\Run: [axexph] C:\WINDOWS\system32\agagqj.exe reg_run
O4 - HKLM\..\Run: [eyvommuA] C:\WINDOWS\eyvommuA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
O4 - HKCU\..\Run: [Aurr] "C:\WINDOWS\system32\YSTEM~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Alsu] C:\Documents and Settings\Dave\Application Data\s?stem\winword.exe
O4 - HKCU\..\Run: [vular] C:\WINDOWS\system32\agagqj.exe reg_run
O4 - HKCU\..\Run: [unipl4] C:\WINDOWS\system32\unipl4.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Here !

Unread postby unlv » April 29th, 2006, 1:26 am

Sat 04/29/2006
Running from: C:\FindQool
PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE.

Known file names

MD5 Check....

Files found with locate com.
Re-check using dir /a:-d
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
...

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{4abf810a-f11d-4169-9d5f-7d274f2270a1}
HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}

...
Runs, Listed here as a Doublecheck for the locate com results
HKLM
"axexph"="C:\\WINDOWS\\system32\\agagqj.exe reg_run"
HKCU
"vular"="C:\\WINDOWS\\system32\\agagqj.exe reg_run"
...

Files In Winlogon shell and userinit
Listed here as a Doublecheck for the locate com results
shell REG_SZ Explorer.exe, C:\WINDOWS\system32\qpqkp.exe
userinit REG_SZ C:\WINDOWS\SYSTEM32\Userinit.exe,clxobon.exe
...
SWReg utility
Written by Bobbi Flekman © 2005
Findqool edited 4/05/2006
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Here !

Unread postby unlv » April 29th, 2006, 1:29 am

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:41:26 AM, 4/29/2006
+ Report-Checksum: 2B68D98A

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49256FE8-6394-4ACE-939C-22F35CA042AD} -> Adware.ZippyLookup : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49256FE8-6394-4ACE-939C-22F35CA042AD} -> Adware.ZippyLookup : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8037F7F0-80B6-453A-A7CB-5371A4A09BB8} -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-796845957-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-796845957-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49256FE8-6394-4ACE-939C-22F35CA042AD} -> Adware.ZippyLookup : Cleaned with backup
HKU\S-1-5-21-796845957-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-796845957-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-796845957-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8037F7F0-80B6-453A-A7CB-5371A4A09BB8} -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49256FE8-6394-4ACE-939C-22F35CA042AD} -> Adware.ZippyLookup : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8037F7F0-80B6-453A-A7CB-5371A4A09BB8} -> Adware.Begin2Search : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Dave\Application Data\sуstem\winword.exe -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@ads.searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@banner.paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/ddnetlib.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/ddskcopy.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/denmpntw.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/gpjul3191.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/ir60l5jm1.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/iwetppui.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/khdycc.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/ky1394.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/lv8609lse.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/o4ro0e93eh.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/p64ulgh9164.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\backup.zip/dlls/uip10.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\ddnetlib.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\ddskcopy.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\denmpntw.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\gpjul3191.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\ir60l5jm1.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\iwetppui.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\khdycc.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\ky1394.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\lv8609lse.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\o4ro0e93eh.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\p64ulgh9164.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Dave\Desktop\l2mfix\dlls\uip10.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Common Files\owwm\owwmd\owwmc.dll -> Adware.TargetServer : Cleaned with backup
C:\WINDOWS\amm06.ocx -> Downloader.VB.bo : Cleaned with backup
C:\WINDOWS\ms03263117741.exe -> Adware.Enbrow : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\RGF2aWQ\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\RGF2aWQ\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\system32\apfebjmo.dll -> Adware.Agent : Cleaned with backup
C:\WINDOWS\system32\byvus.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\cbayw.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\gebay.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\irsmvhpu.dll -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\khhhe.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\system32\mmxp2passion.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\system32\nsh237.dll -> Adware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\nsm181.dll -> Adware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\nsy1D1.dll -> Adware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\Runner.dll -> Adware.CASClient : Cleaned with backup
C:\WINDOWS\system32\yaywv.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned with backup
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup


::Report End

I couldn't do a Kaspersky Log , because My IE browser wont show any web pages so I use Firefox Browser but I can't run the web scanner w/ firefox !!
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Unread postby agrarianmonk » April 29th, 2006, 11:15 am

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.

**********************
  • Copy the contents of the Quote Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{4abf810a-f11d-4169-9d5f-7d274f2270a1}]

[-HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}]



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

****************************************

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qpqkp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,clxobon.exe
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [w881dfb7.dll] RUNDLL32.EXE w881dfb7.dll,I2 0009ac120881dfb7
O4 - HKLM\..\Run: [ms05311774126] C:\WINDOWS\ms05311774126.exe
O4 - HKLM\..\Run: [axexph] C:\WINDOWS\system32\agagqj.exe reg_run
O4 - HKLM\..\Run: [eyvommuA] C:\WINDOWS\eyvommuA.exe
O4 - HKCU\..\Run: [Aurr] "C:\WINDOWS\system32\YSTEM~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Alsu] C:\Documents and Settings\Dave\Application Data\s?stem\winword.exe
O4 - HKCU\..\Run: [vular] C:\WINDOWS\system32\agagqj.exe reg_run
O4 - HKCU\..\Run: [unipl4] C:\WINDOWS\system32\unipl4.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

Now close all windows other than HiJackThis, then click Fix Checked. close HijackThis.

Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

****************************************

  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\system32\qpqkp.exe
    C:\WINDOWS\SYSTEM32\clxobon.exe
    C:\WINDOWS\pop06ap2.exe
    C:\WINDOWS\SYSTEM32\w881dfb7.dll
    C:\WINDOWS\ms05311774126.exe
    C:\WINDOWS\eyvommuA.exe
    C:\WINDOWS\system32\agagqj.exe
    C:\WINDOWS\system32\unipl4.exe
    C:\WINDOWS\system32\dmonwv.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

****************************************

After the reboot;

Next, we need to Reveal Hidden Files

1. Click Start.
2. Open My Computer.
3. Select Tools menu
4. Click Folder Options.
5. Select the View Tab.
6. Select Show hidden files and folders in the Hidden files and folders section.
7. Uncheck Hide protected operating system files (recommended) option.
8. Uncheck the Hide file extensions for known file types option.
9. Click Yes.
10. Click OK.

****************************************

Please delete these folders using Windows Explorer(if present):

C:\WINDOWS\system32\YSTEM~1\ << folder starting w/ the letters YSTEM
C:\Program Files\Common Files\owwm\
C:\WINDOWS\RGF2aWQ\
C:\Documents and Settings\Dave\Application Data\s?stem\ << folder will look like system

****************************************

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

****************************************

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*************************************
In your next post, please include:
  • new HijackThis log
  • Kaspersky Log


*use separate posts to ensure that the logs don't get cut off!
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

I Did Everything BUT ...

Unread postby unlv » April 29th, 2006, 11:48 am

Kapersky online scanner ,because I'm using Firefox Browser ! My IE Browser is not picking up any web sites !!

Also here is my new Hijack Log : Logfile of HijackThis v1.99.1
Scan saved at 11:45:41 AM, on 4/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\hijack\HijackThis.exe

O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~2\PopUp.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Unread postby agrarianmonk » April 29th, 2006, 11:51 am

mmm, well we got rid of a bunch of stuff. is IE still malfunctioning?

we really need you to do an online scan b/c i'm sure there's a lot of stuff hiding.

let me know your situation and we'll proceed from there.
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Yes !!

Unread postby unlv » April 29th, 2006, 9:22 pm

Yes, IE is still not working ! Every page will not display at all !

But Firefox is working!
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Unread postby agrarianmonk » April 30th, 2006, 1:01 pm

Yes, IE is still not working ! Every page will not display at all !


I think that your IE problem may be related to a recent update by Microsoft. Microsoft has since released another update that should solve the problem. Please go to http://www.softwarepatch.com/windows/index.html and download/install the latest patch KB908531.

Reboot

*let me know if IE is still malfunctioning.

**************************************

Download WindPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

**************************************

But Firefox is working!


ok, let's use an online scan that works w/ firefox :)

TrendMicroâ„¢ HouseCall Java Scan
  • Please go HERE to run the Trend Microâ„¢ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.


in your next post, please post the a new hijackthis log and the winpfind log.

*use separate posts to ensure the logs don't get cut off

*let me know if anything was found by your trend micro scan.

*let me know if IE is still not working.
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Here !

Unread postby unlv » April 30th, 2006, 10:59 pm

I ran the free scanner from trend micro , But some spyware couldn't be removed

Also My IE is still not working !

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
KavSvc 4/28/2006 8:32:40 AM 2268 C:\dvdlog.txt
UPX! 2/16/2005 11:06:16 AM 218112 C:\HijackThis.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 8/22/2004 6:04:56 PM 69120 C:\WINDOWS\daemon.dll
UPX! 10/13/2005 9:27:00 PM RHS 422400 C:\WINDOWS\x2.64.exe

Checking %System% folder...
UPX! 10/7/2005 7:14:52 PM RHS 308224 C:\WINDOWS\SYSTEM32\avisynth.dll
UPX! 7/9/2004 4:47:04 AM RHS 167936 C:\WINDOWS\SYSTEM32\CoreAAC.ax
PEC2 8/23/2001 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 6/9/2005 4:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 6/9/2005 4:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 1/25/2004 RHS 70656 C:\WINDOWS\SYSTEM32\i420vfw.dll
aspack 8/7/2003 2:01:52 PM 126464 C:\WINDOWS\SYSTEM32\lame_enc.dll
PTech 11/4/2005 5:27:24 PM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
UPX! 1/13/2005 10:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 3/9/2006 8:10:36 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 3/9/2006 8:10:36 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 4/7/2006 1:16:56 PM 78848 C:\WINDOWS\SYSTEM32\nsy1DB.dll
aspack 8/4/2004 12:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 4/30/2004 9:46:24 PM 28672 C:\WINDOWS\SYSTEM32\qtalt.ax
Umonitor 8/4/2004 12:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 3/26/2004 4:32:36 PM 116224 C:\WINDOWS\SYSTEM32\rmalt.ax
UPX! 1/20/2005 2:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 8/23/2001 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 2/28/2005 1:16:22 PM RHS 240128 C:\WINDOWS\SYSTEM32\x.264.exe
UPX! 1/25/2004 RHS 70656 C:\WINDOWS\SYSTEM32\yv12vfw.dll

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 http://www.qoologic.com
127.0.0.1 http://www.urllogic.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
4/30/2006 9:14:44 PM S 2048 C:\WINDOWS\bootstat.dat
4/23/2006 10:54:20 AM H 54156 C:\WINDOWS\QTFont.qfn
4/30/2006 9:08:24 PM H 0 C:\WINDOWS\LastGood\INF\oem15.inf
4/30/2006 9:08:24 PM H 0 C:\WINDOWS\LastGood\INF\oem15.PNF
4/30/2006 9:05:40 PM HS 2273 C:\WINDOWS\system32\mmf.sys
4/18/2006 3:17:08 AM S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
4/30/2006 9:14:38 PM H 8192 C:\WINDOWS\system32\config\default.LOG
4/30/2006 9:15:04 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
4/30/2006 9:14:46 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
4/30/2006 9:15:06 PM H 61440 C:\WINDOWS\system32\config\software.LOG
4/30/2006 9:14:52 PM H 880640 C:\WINDOWS\system32\config\system.LOG
3/15/2006 12:32:58 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
3/28/2006 12:43:42 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\832d536a-8aca-43a9-b15d-becf821fc5b5
3/28/2006 12:43:42 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
4/30/2006 9:13:28 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10/29/2004 4:50:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/3/2005 11:29:56 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
3/19/2006 11:06:24 PM 1833 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Defender Pro Firewall.lnk
6/28/2005 12:41:02 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
6/27/2005 8:32:10 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
4/24/2006 3:19:12 AM 1757 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
6/28/2005 12:41:02 AM HS 84 C:\Documents and Settings\Dave\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
7/3/2005 11:28:26 PM 873 C:\Documents and Settings\Dave\Application Data\AdobeDLM.log
6/27/2005 8:32:10 PM HS 62 C:\Documents and Settings\Dave\Application Data\desktop.ini
7/3/2005 11:28:26 PM 0 C:\Documents and Settings\Dave\Application Data\dm.ini
3/16/2006 11:15:36 AM 1489461 C:\Documents and Settings\Dave\Application Data\Install.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Defender Pro\Defender Pro Anti-Virus\shellex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Defender Pro\Defender Pro Anti-Virus\shellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}
= C:\WINDOWS\system32\dmonwv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49E0E0F0-5C30-11D4-945D-000000000003}
IE PopUp-Killer = C:\PROGRA~1\DEFEND~1\DEFEND~2\PopUp.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
CPub Object = C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0D555BC6-E331-48b3-A60E-AAC0DF79438A}
ButtonText = Popup Blocker :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
nwiz nwiz.exe /install
NvMediaCenter RunDLL32.exe NvMCTray.dll,NvTaskbarInit
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
HPHUPD04 "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
HPHmon04 C:\WINDOWS\System32\hphmon04.exe
HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
DAEMON Tools-1033 "C:\Program Files\D-Tools\daemon.exe" -lang 1033
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
DPAS "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
DPASUpdate "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"
KAVPersonal50 "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
103 "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PeerGuardian C:\Program Files\PeerGuardian2\pg2.exe
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
DefenderProAutoRun "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
Ashampoo PopUpBlocker C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallpaper 0
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoHTMLWallPaper 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
ClassicShell 0
ForceActiveDesktopOn 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
unipl4 C:\WINDOWS\system32\unipl4.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 4/30/2006 9:23:07 PM
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 266 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware