Hello, well, here are all the logs.
Logfile of HijackThis v1.99.1
Scan saved at 10:18:36 PM, on 12/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\PestPatrol\ppmcactivedetection.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\PestPatrol\ppcl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\htj\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.my.msn.com/?page=1&refresh=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PPMCActiveDetection] C:\Program Files\Common Files\PestPatrol\ppmcactivedetection.exe "-ini:C:\Program Files\Common Files\PestPatrol\ppmcad.ini"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [PPCL] "C:\Program Files\Common Files\PestPatrol\ppcl.exe" "C:\Program Files\Common Files\PestPatrol\ppcl.ini"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MSN Messenger 7.5.lnk = ?
O4 - Global Startup: Windows Messenger.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://sympatico.zone.msn.com/bingame/p ... online.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4768170203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4768161593
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramew ... b34246.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/bingame/zpagames/zp ... b36900.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/St ... b35645.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F0FCC76D-767E-4759-A447-62289CA775AA} (Coreport SSO Client) - http://client.dbm.com/v51/ie/controls/C ... Client.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZP ... b36385.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
****************************************
Bazooka Scanner v1.13.03
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
support@kephyr.com
Log created 13:12:17.
OS: Windows NT 5.1
Database version: 3.080000
Database format version: 1.020000
Database date: 20050920
Current date: 2005-09-23 13:12
****************************************
Result when scanning:
Internet Optimizer 123.000.003 %ProgramsDir%\Internet Optimizer\
C:\Program Files\Internet Optimizer\
http://www.kephyr.com/spywarescanner/li ... ndex.phtml
ISTBar 122.122.007 %ProgramsDir%\ISTsvc\
C:\Program Files\ISTsvc\
http://www.kephyr.com/spywarescanner/li ... ndex.phtml
PowerScan 070.000.001 %ProgramsDir%\Power Scan\
C:\Program Files\Power Scan\
http://www.kephyr.com/spywarescanner/li ... ndex.phtml
SideFind 695.333.002 %ProgramsDir%\SIDEFIND\
C:\Program Files\SIDEFIND\
http://www.kephyr.com/spywarescanner/li ... ndex.phtml
****************************************
Auto start entries:
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
C:\Program Files\TELUS eCare\bin\matcli.exe -boot
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
C:\Program Files\TELUS eCare\bin\matcli.exe -boot
C:\Documents and Settings\Racine Greenwood\Start Menu\Programs\Startup\DESKTOP.INI
C:\Documents and Settings\Racine Greenwood\Start Menu\Programs\Startup\DESKTOP.INI
Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UpdateManager
PCShield regsvr32 /s "C:\WINDOWS\system32\sfg_73b5.dll"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCShield
KernelFaultCheck C:\WINDOWS\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\KernelFaultCheck
dla C:\WINDOWS\system32\dla\tfswctrl.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\dla
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIPTA
Motive SmartBridge C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Motive SmartBridge
TELUS Security service C:\Program Files\Zero Knowledge\TELUS Security service\Freedom.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TELUS Security service
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVG7_CC
AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVG7_EMC
WinAntiSpyware 2005 C:\Program Files\WinAntiSpyware 2005\was5.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinAntiSpyware 2005
PCShield regsvr32 /s "C:\WINDOWS\system32\sfg_73b5.dll"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PCShield
WebCamRT.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WebCamRT.exe
Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
{3C060EA2-E6A9-4E49-A530-D4657B8C449A} Pop-Up Blocker BHO C:\Program Files\Zero Knowledge\TELUS Security service\pkR.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}
{56071E0D-C61B-11D3-B41C-00E02927A304} Form Filler BHO C:\Program Files\Zero Knowledge\TELUS Security service\FreeBHOR.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}
{564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} SafeGuard Protect PCShield C:\WINDOWS\system32\sfg_73b5.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{564FFB73-9EEF-4969-92FA-5FC4A92E2C2A}
{5CA3D70E-1895-11CF-8E15-001234567890} not set C:\WINDOWS\system32\dla\tfswshx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
{827DC836-DD9F-4A68-A602-5812EB50A834} not set C:\WINDOWS\system32\awtst.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{827DC836-DD9F-4A68-A602-5812EB50A834}
****************************************
Toolbars:
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\system32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{86227D9C-0EFE-4F8A-AA55-30386A3F5686} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{4528BBE0-4E08-11D5-AD55-00010333D0AD} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} C:\WINDOWS\system32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
{30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINDOWS\system32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
{4528BBE0-4E08-11D5-AD55-00010333D0AD} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\system32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
****************************************
All processes:
[System Process]
System
SMSS.EXE
CSRSS.EXE
WINLOGON.EXE
SERVICES.EXE
LSASS.EXE
ati2evxx.exe
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
LEXBCES.EXE
spoolsv.exe
LEXPPS.EXE
EXPLORER.EXE
tfswctrl.exe
MotiveSB.exe
avgcc.exe
avgemc.exe
avgamsvr.exe
avgupsvc.exe
dvpapi.exe
SVCHOST.EXE
wdfmgr.exe
ALG.EXE
SVCHOST.EXE
mpbtn.exe
was5.exe
spywarescanner.exe
Updater.exe
Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:
Default_Page_URL
http://red.clientapps.yahoo.com/customi ... .yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
Default_Search_URL
http://red.clientapps.yahoo.com/customi ... .yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
Local Page
http://www.the-exit.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
Search Bar
http://red.clientapps.yahoo.com/customi ... earch.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
Search Page
http://red.clientapps.yahoo.com/customi ... .yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
Start Page
http://red.clientapps.yahoo.com/customi ... .yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.the-exit.com/search
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\
SearchAssistant
http://www.the-exit.com/search
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
CustomizeSearch
http://www.the-exit.com/search
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\
www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www
http://red.clientapps.yahoo.com/customi ... .yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\
provider yaho
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
Default_Page_URL
http://www.dell.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
Default_Search_URL
http://www.the-exit.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
Local Page
http://www.the-exit.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
Search Bar
http://red.clientapps.yahoo.com/customi ... earch.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
Search Page
http://red.clientapps.yahoo.com/customi ... .yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
SearchURL
http://www.the-exit.com/search
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchURL
Start Page
http://www.msn.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
SearchAssistant
http://www.the-exit.com/search
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
CustomizeSearch
http://www.the-exit.com/search
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
****************************************
Panda ActiveScan
Incident Status Location
Adware:Adware/WebHancer Not desinfected C:\Program Files\Common Files\PestPatrol\Quarantine\20051127200113.zip[whagent.exe]
Adware:Adware/WebHancer Not desinfected C:\Program Files\Common Files\PestPatrol\Quarantine\20051127200113.zip[whAgent.inf]
Virus:Trj/Downloader.GMI Not desinfected C:\Program Files\Common Files\Wise Installation Wizard\WISCDEBF9E7BCEB43A7986CE66377C28ABC_1_0_0.MSI[loadadv458.exe]
Adware:Adware/Secure32 Not desinfected C:\WINDOWS\secure32.html
Spyware:Spyware/Smitfraud Not desinfected C:\WINDOWS\warnhp.html
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:34:10 PM, 12/22/2005
+ Report-Checksum: DF47742B
+ Scan result:
HKLM\SOFTWARE\PSGuard.com -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Spyware.PSGuard : Error during cleaning
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com\P.S.Guard -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com\P.S.Guard\Autorun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnce -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnceEx -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuAllUsers -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com\P.S.Guard\Autorun\StartMenuCurrentUser -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Application Data\PSGuard.com\P.S.Guard\BrowserObjects -> Spyware.PSGuard : Cleaned with backup
C:\Documents and Settings\Racine Greenwood\Cookies\racine greenwood@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Program Files\Common Files\PestPatrol\Quarantine\20051127200113.zip/Program Files/webhancer/programs/whagent.exe -> Spyware.WebHancer : Error during cleaning
C:\Program Files\Common Files\PestPatrol\Quarantine\ppqBA.tmp -> Adware.SAHA : Cleaned with backup
C:\Program Files\Common Files\PestPatrol\Quarantine\ppqBD.tmp -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\Program Files\Desktop\loadadv458.exe -> Downloader.PassAlert.c : Cleaned with backup
C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
C:\WINDOWS\SYSTEM32\msctl32.dll -> Not-A-Virus.SpamTool.Win32.Mailbot.l : Cleaned with backup
::Report End