Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Spyware nightmare!

Unread postby Kimberly » December 28th, 2005, 6:02 pm

Hi Rik,

Ok, let's clean up now. :)

Please print out or copy these instructions\tutorials to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes. You will need to activate the network connection again for the updates (just a few moments); stand-alone programs can be downloaded from another PC and installed on the infected PC. Or put the PC on the network, just for the time needed to download the requested files. Note that you will need admin rights on the PC to clean up. You will need Winzip or a similar utility - see previous posts for links please.
______________________________

Before we start to fix your computer, I would like you to move HijackThis to its own folder. Do not attempt to fix anything before you have moved HijackThis.
Create a folder for HijackThis on the C: drive called C:\HJT. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it HJT.
Locate HijackThis.exe and right click on it, select cut, right click in the folder you just created and select paste.
______________________________

First of all, I would like you to download a few tools, don't use them until you are instructed to do so.
  1. Download CWShredder to your Desktop or to your usual Download Folder.
    http://www.trendmicro.com/ftp/products/ ... redder.exe
    Run CWShredder.exe and Check for updates.
  2. Download SpSeHjfix to your Desktop or to your usual Download Folder.
    http://www.derbilk.de/SpSeHjfix112.zip
    Create a folder for SpSeHjfix on the C: drive called C:\spfix. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it spfix. Extract the files from the zip archive into that folder.
______________________________

Download Bobbi Flekman's RegSearch from
http://www.bleepingcomputer.com/files/regsearch.php

Create a folder for RegSearch on the C: drive called C:\RegSearch. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it RegSearch. Extract all the files from the zip archive into that folder.
______________________________

Please download the trial version of Ewido Security Suite 3.5 from here:
http://www.ewido.net/en/download/
  • Install Ewido Security Suite.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

Please disconnect from the Internet and unplug your modem for the duration of this fix. Close ALL OPEN PROGRAMS!

Launch the Blacklight scan again and select the entries found before. Select "rename" for hidden *.exe, *.sys, and *.dll files
Reboot the computer.
______________________________

In the next step we are going to stop a Service:

Click Start then Run
Type in services.msc
Click Ok

Scroll down and double click on the service called SpywareCleanerService
Click Stop and then set the Startup Type to Disabled.

Click on Start, Control Panel, click on Add/Remove Programs
Look through the installed programs for the following items and remove them if present:

Spyware Cleaner

During the uninstall process, you might be presented with several prompts to guide you through uninstalling the product. Read these carefully to make sure you are actually choosing to uninstall rather than keep the software.
______________________________

Open the spfix folder, double-click SpSeHjfix.exe and click on Start Disinfection
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the spfix folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage.

Once it is finished, run CWShredder.exe. Close ALL windows except CWShredder and click on the Fix button, then click Next.

Reboot in Safe Mode and move to the next part of the fix.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply, then OK.
  • Then you can set your home page to what you want on the General tab. Click Apply, then OK.
  • Click OK.
______________________________

Boot into Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
______________________________

Run HijackThis, click on None of the above, just start the program, click on Scan. Put a check in the box on the left side of the following items if still present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1.UK\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1.UK\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {5A735D13-F26E-4DBE-A3D1-676571607056} - C:\WINNT\system32\keea.dll
O4 - HKLM\..\Run: [windesktop] C:\WINNT\system32\windesktop.exe
O4 - HKLM\..\Run: [icasServ] C:\WINNT\system32\icasServ.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1.UK\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [windesktop] C:\WINNT\system32\windesktop.exe
O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sywsvcs.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: PowerReg Scheduler V3.exe
O18 - Filter: text/html - {CDCA7CAF-DEE9-42F8-93CD-EEA3BEEC72CB} - C:\WINNT\system32\keea.dll
O18 - Filter: text/plain - {CDCA7CAF-DEE9-42F8-93CD-EEA3BEEC72CB} - C:\WINNT\system32\keea.dll
O20 - Winlogon Notify: dvd4free - C:\WINNT\SYSTEM32\dvd4free.dll
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe

Close ALL windows and browsers except HijackThis and click Fix Checked
______________________________

Open the RegSearch folder and double-click the icon for RegSearch.exe to launch the program.
Copy / Paste the following line into the Search Box:

dvdkernl

On the next line, type (or copy and paste) dvd4free

On the next line, type (or copy and paste) nwr2

On the next line, type (or copy and paste) windesktop

then hit Ok

After completion Notepad will be opened with all the found instances of the string. The resulting file is saved in the same location as RegSearch.exe.
______________________________

Using Windows Explorer, Search and Delete these Folders if listed:

C:\Program Files\Spyware Cleaner

Using Windows Explorer, Search and Delete these Files if listed:

C:\WINNT\system32\keea.dll
C:\WINNT\system32\windesktop.exe
C:\WINNT\system32\icasServ.exe
C:\WINNT\system32\sywsvcs.exe
C:\WINNT\SYSTEM32\dvd4free.dll.ren
C:\WINNT\system32\dvdkernl.sys.ren
C:\WINNT\system32\Emhiqhng.exe.ren
C:\WINNT\system32\drivers\nwr2.ies4.ren

Double check that these files don't exist anymore :

C:\WINNT\SYSTEM32\dvd4free.dll
C:\WINNT\system32\dvdkernl.sys
C:\WINNT\system32\Emhiqhng.exe
C:\WINNT\system32\drivers\nwr2.ies4

If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is uncheck it and try again.
______________________________

Navigate to C:\WINNT\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, click to select the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido Security Suite, and run a full scan.
  • Click on Scanner
  • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
  • Click Save Report button
  • Save the report to your Desktop
Close Ewido and reboot in Normal Mode.
______________________________

Download WinPFind.zip to your Desktop or to your usual Download Folder.
http://www.bleepingcomputer.com/files/winpfind.php
Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
Open the C:\WinPFind folder and double-click on WinPFind.exe.
Click on Configure Scan Options.
Remove all the checkmarks under Folder Options on the left side by clicking the button Remove All, uncheck Run Addon's and click Apply.
Click on the Start Scan button and wait for it to finish.

Please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log file named C:\WinPFind\WinPFind.txt. Please copy that log into your next reply.
______________________________

Please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
______________________________

Again, run the Blacklight scan.
- If it displays any items...don't do anything with them yet. Just hit exit (close)
- It will drop a log on Desktop that starts with fsbl....big number
Please post contents of log.
______________________________

Please post :
  1. SpSeHjfix log
  2. Regsearch results
  3. Ewido log
  4. C:\WinPFind\WinPFind.txt
  5. Kaspersky log
  6. Latest Blacklight log
  7. a new HijackThis log
One log per reply please, try to avoid blank lines (carriage return) between the lines of a log. - Open logs with notepad.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
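
Fixing an entry in HijackThis removes the registry reference, not the file it points to, which is why the post above follows the fix list with file and folder deletions. The following is an added example (not part of the original post and not code from HijackThis) that parses a subset of the fix-list lines, groups the referenced files by mechanism, and checks that each file is covered by a deletion step. The 8.3 Temp path used as a cleaned folder is an assumption taken from the log entries.

```python
import re
from collections import defaultdict

# HijackThis section codes used in the fix list and what each one represents.
SECTIONS = {
    "R0": "Internet Explorer start/search setting",
    "R1": "Internet Explorer start/search setting",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O18": "protocol / MIME filter",
    "O20": "Winlogon Notify DLL",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")
# First drive-letter path ending in an executable extension. It stops at
# quotes, '/' and ',' so res:// URLs and rundll32 arguments are trimmed off.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"/,]+?\.(?:exe|dll|sys)\b', re.I)

# Subset of the fix list from the post above.
FIX_LIST = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1.UK\LOCALS~1\Temp\se.dll/space.html",
    r"O2 - BHO: (no name) - {5A735D13-F26E-4DBE-A3D1-676571607056} - C:\WINNT\system32\keea.dll",
    r"O4 - HKLM\..\Run: [windesktop] C:\WINNT\system32\windesktop.exe",
    r"O4 - HKLM\..\Run: [icasServ] C:\WINNT\system32\icasServ.exe",
    r"O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1.UK\LOCALS~1\Temp\se.dll,DllInstall",
    r"O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sywsvcs.exe",
    r'O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot',
    r"O4 - Startup: PowerReg Scheduler V3.exe",
    r"O18 - Filter: text/html - {CDCA7CAF-DEE9-42F8-93CD-EEA3BEEC72CB} - C:\WINNT\system32\keea.dll",
    r"O20 - Winlogon Notify: dvd4free - C:\WINNT\SYSTEM32\dvd4free.dll",
    r"O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe",
]

# Files and folders the post tells the user to delete by hand.
DELETE_FILES = [
    r"C:\WINNT\system32\keea.dll",
    r"C:\WINNT\system32\windesktop.exe",
    r"C:\WINNT\system32\icasServ.exe",
    r"C:\WINNT\system32\sywsvcs.exe",
    r"C:\WINNT\SYSTEM32\dvd4free.dll.ren",
]
DELETE_DIRS = [
    r"C:\Program Files\Spyware Cleaner",
    # Assumption: short-name form of the per-user Temp folder the post empties.
    r"C:\DOCUME~1\ADMINI~1.UK\LOCALS~1\Temp",
]


def parse_entry(line):
    """Split one log line into section code, mechanism and referenced file."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, detail = m.groups()
    p = PATH_RE.search(detail)
    return {
        "code": code,
        "mechanism": SECTIONS.get(code, "other"),
        "detail": detail,
        "path": p.group(0).lower() if p else None,  # None: no full path given
    }


def files_by_mechanism(lines):
    """Group the referenced files by the mechanism that loads them."""
    out = defaultdict(set)
    for entry in filter(None, map(parse_entry, lines)):
        if entry["path"]:
            out[entry["mechanism"]].add(entry["path"])
    return dict(out)


def uncovered(lines, delete_files, delete_dirs):
    """Return referenced files that no deletion step would remove."""
    files = {f.lower() for f in delete_files}
    dirs = [d.lower().rstrip("\\") + "\\" for d in delete_dirs]
    missing = set()
    for paths in files_by_mechanism(lines).values():
        for p in paths:
            # A ".ren" entry covers a file renamed earlier in the procedure.
            if p in files or p + ".ren" in files:
                continue
            if any(p.startswith(d) for d in dirs):
                continue
            missing.add(p)
    return sorted(missing)


if __name__ == "__main__":
    for mech, paths in files_by_mechanism(FIX_LIST).items():
        print(mech, sorted(paths))
    print("not covered:", uncovered(FIX_LIST, DELETE_FILES, DELETE_DIRS))
```

Entries without a full path, such as the Startup folder item, are parsed but cannot be cross-checked and need to be located by hand.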

Unread postby brandy claws » January 3rd, 2006, 5:10 am

Hi Kim

I'm back in work now and can't find any post as promised to help me fix my spyware problem.
I'm here all day today and would REALLY like to get this sorted since everyone's in now and it's bound to trip me up today!
The last post of yours I found told me you'd post a fix for me and then there's no further posts as far as I can see.
Please help!

Rik
brandy claws
Regular Member
 
Posts: 38
Joined: December 28th, 2005, 11:30 am
Location: London

Unread postby brandy claws » January 3rd, 2006, 5:11 am

Ignore that...I'm stupid! (hence getting into this mess in the first place!)

I'll go thru things and see how I get on.

Cheers!
brandy claws
Regular Member
 
Posts: 38
Joined: December 28th, 2005, 11:30 am
Location: London

Unread postby brandy claws » January 3rd, 2006, 5:34 am

Hi Kim

I have started on your fixes and have instantly run into what appears to be a problem:

CWShredder is downloaded and installed but when I hit 'check for updates' as you suggested, it disappears and gives me a 'program error' box which I can't read all of because it seems to only show me half the text. There's just an 'ok' button on it which obviously makes it vanish when I hit it.

Is this ok? Can I continue with the rest of the fixes?

Also you mentioned BlackLight...would that be the blbeta.exe file I have downloaded?

Sorry to be such an incompetent fool....I probably shouldn't be allowed near computers!

Rik
brandy claws
Regular Member
 
Posts: 38
Joined: December 28th, 2005, 11:30 am
Location: London

Unread postby brandy claws » January 3rd, 2006, 8:24 am

Hi Kim

I'm working my way thru your fixes but am now stuck as I cannot seem to get my PC to restart in safe mode. Hitting F8 during the windows start up bars doesn't seem to do anything.
Can I continue without being in safe mode? Is there any other way for me to restart into safe mode?
Please help!

Rik
brandy claws
Regular Member
 
Posts: 38
Joined: December 28th, 2005, 11:30 am
Location: London

Unread postby Kimberly » January 3rd, 2006, 9:47 am

Hello Rik,

I did get your email notification. You have to understand that we / I don't sit here 24 hours a day in front of my computer. We all need sleep and most of us work in real life. We are around here on our free time, therefore it is normal that you don't always get a reply in the 5 seconds after you did post.

CWShredder : Maybe your router or firewall is blocking access to the updates. Put it on another computer, create a folder and put it into the new folder. Check for updates. Copy the content of the whole folder on the infected PC. The download may be corrupted, try downloading it again.

Safe boot : Hit F8 as soon as you hear the beep from the BIOS. There isn't another way of booting into safe mode unfortunately if that does not work. If you can boot into safe mode, perform the fix in Normal Mode. We might need a second pass to clean up everything.

Blacklight = blbeta indeed.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby brandy claws » January 3rd, 2006, 10:07 am

Hi Kim

I'm really sorry to come across so demanding. As I'm sure you've realised I'm new to all this and I'm also stuck in the unfortunate situation of having this problem at work (we're moving offices this week which is why this is an even bigger issue for me at the moment). I'm really grateful for all the help you've given me. I was more concerned that my original post was gonna get overlooked due to me not being on here for a week. I realise the world doesn't revolve around me and I am sorry for throwing my toys out of my pram....
:oops:
Thanks for posting more help for me all the same...I'll have a bash at things and get back to you. It all seemed to have gone so well until the safe mode issue...I'll have a go now and see what happens.
Thanks again

Rik
brandy claws
Regular Member
 
Posts: 38
Joined: December 28th, 2005, 11:30 am
Location: London

Unread postby brandy claws » January 3rd, 2006, 10:46 am

Ok...I have got a bit further....
Did HijackThis and got rid of the files it found. Tried to get rid of everything it found that you listed via windows explorer but can't seem to erase sywsvcs.exe. It's not read only and gives me a warning saying "Cannot delete: Access denied. The source file may be in use"
I'll hold fire for now in case this is essential to the rest of the process..
Cheers

Rik
brandy claws
Regular Member
 
Posts: 38
Joined: December 28th, 2005, 11:30 am
Location: London

Unread postby Kimberly » January 3rd, 2006, 11:22 am

Replace the deleting files with this ... it's because we are in Normal mode that it can't be deleted.

Download Killbox by Option^Explicit to your Desktop or to your usual Download Folder.
http://www.downloads.subratam.org/KillBox.zip
Unzip it to your desktop or a convenient folder.

Double-click Killbox.exe to run it.
Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot”
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby brandy claws » January 3rd, 2006, 1:01 pm

Hey Kim...
finally made it to the end of the fixes! It's looking good so far..no more mental pop ups when plugged into the network for a start and it's running at a reasonable speed (tho this machine is slow at the best of times).
Here's the logs you asked for:

SpSeHjFix.log


(1/3/06 4:21:22 AM) SPSeHjFix started v1.1.2
(1/3/06 4:21:22 AM) OS: Win2000 Service Pack 4 (5.0.2195)
(1/3/06 4:21:22 AM) Language: english
(1/3/06 4:21:22 AM) Win-Path: C:\WINNT
(1/3/06 4:21:22 AM) System-Path: C:\WINNT\system32
(1/3/06 4:21:22 AM) Temp-Path: C:\DOCUME~1\ADMINI~1.UK\LOCALS~1\Temp\
(1/3/06 4:21:28 AM) Disinfection started
(1/3/06 4:21:28 AM) Bad-Dll(IEP): c:\docume~1\admini~1.uk\locals~1\temp\se.dll
(1/3/06 4:21:28 AM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINNT\system32\keea.dll
(1/3/06 4:21:28 AM) Searchassistant Uninstaller - Keys Deleted
(1/3/06 4:21:28 AM) UBF: 9 - UBB: 1 - UBR: 16
(1/3/06 4:21:28 AM) FilterKey: HKCR\text/html (deleted)
(1/3/06 4:21:28 AM) FilterKey: HKCR\CLSID\{CDCA7CAF-DEE9-42F8-93CD-EEA3BEEC72CB} (deleted)
(1/3/06 4:21:28 AM) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(1/3/06 4:21:28 AM) FilterKey: HKCR\text/plain (deleted)
(1/3/06 4:21:28 AM) FilterKey: HKCR\CLSID\{CDCA7CAF-DEE9-42F8-93CD-EEA3BEEC72CB} (error while deleting)
(1/3/06 4:21:28 AM) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(1/3/06 4:21:28 AM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A735D13-F26E-4DBE-A3D1-676571607056} (deleted)
(1/3/06 4:21:28 AM) BHO-Key: HKCR\CLSID\{5A735D13-F26E-4DBE-A3D1-676571607056} (deleted)
(1/3/06 4:21:28 AM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\ADMINI~1.UK\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(1/3/06 4:21:28 AM) UBF: 7 - UBB: 0 - UBR: 15
(1/3/06 4:21:28 AM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1.uk\locals~1\temp\se.dll/space.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\admini~1.uk\locals~1\temp\se.dll/space.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(1/3/06 4:21:28 AM) Stealth-String not found
(1/3/06 4:21:28 AM) File added to delete: c:\winnt\system32\keea.dll
(1/3/06 4:21:28 AM) File added to delete: c:\docume~1\admini~1.uk\locals~1\temp\se.dll
(1/3/06 4:21:28 AM) Reboot
(1/3/06 4:23:30 AM) SPSeHjFix started v1.1.2
(1/3/06 4:23:30 AM) OS: Win2000 Service Pack 4 (5.0.2195)
(1/3/06 4:23:30 AM) Language: english
(1/3/06 4:23:30 AM) Win-Path: C:\WINNT
(1/3/06 4:23:30 AM) System-Path: C:\WINNT\system32
(1/3/06 4:23:30 AM) Temp-Path: C:\DOCUME~1\ADMINI~1.UK\LOCALS~1\Temp\
(1/3/06 4:23:36 AM) Disinfection started
(1/3/06 4:23:36 AM) Bad-Dll(IEP): (not found)
(1/3/06 4:23:36 AM) Bad-Dll(IEP) in BHO: (not found)
(1/3/06 4:23:36 AM) UBF: 7 - UBB: 0 - UBR: 16
(1/3/06 4:23:36 AM) UBF: 7 - UBB: 0 - UBR: 16
(1/3/06 4:23:36 AM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\ADMINI~1.UK\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(1/3/06 4:23:36 AM) Bad IE-pages: (none)
(1/3/06 4:23:36 AM) Stealth-String not found
(1/3/06 4:23:36 AM) File added to delete: c:\docume~1\admini~1.uk\locals~1\temp\se.dll
(1/3/06 4:23:36 AM) Reboot
brandy claws
Regular Member
 
Posts: 38
Joined: December 28th, 2005, 11:30 am
Location: London

Unread postby brandy claws » January 3rd, 2006, 1:02 pm

RegSearch results

REGEDIT4
; Registry Search by Bobbi Flekman
; Version: 1.0.2.1
; Results at 1/3/2006 6:45:00 AM for strings:
; 'dvdkernl'
; 'dvd4free'
; 'nwr2'
; 'windesktop'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windesktop"="C:\\WINNT\\system32\\windesktop.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"windesktop"="C:\\WINNT\\system32\\windesktop.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dvd4free]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dvd4free]
"Startup"="dvd4free"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DVDKERNL]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DVDKERNL\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DVDKERNL\0000]
"Service"="dvdkernl"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DVDKERNL\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dvdkernl]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dvdkernl\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dvdkernl\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dvdkernl\Enum]
"0"="Root\\LEGACY_DVDKERNL\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DVDKERNL]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DVDKERNL\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DVDKERNL\0000]
"Service"="dvdkernl"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dvdkernl]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dvdkernl\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DVDKERNL]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DVDKERNL\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DVDKERNL\0000]
"Service"="dvdkernl"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DVDKERNL\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvdkernl]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvdkernl\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvdkernl\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvdkernl\Enum]
"0"="Root\\LEGACY_DVDKERNL\\0000"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"windesktop"="C:\\WINNT\\system32\\windesktop.exe"
; End Of The Log...
brandy claws
Regular Member
 
Posts: 38
Joined: December 28th, 2005, 11:30 am
Location: London
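
The RegSearch output above repeats the same finding across ControlSet001, ControlSet002 and CurrentControlSet, which makes it hard to see how many distinct leftovers there are. The following is an added example (not part of the original thread and not RegSearch's own code) that parses a REGEDIT4-style result, groups hits by persistence mechanism, collapses the control sets, and lists search strings that produced no hit. The sample is a trimmed excerpt of the log above; the category names are labels chosen for this example.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the RegSearch result posted above.
SAMPLE = r"""REGEDIT4
; Results at 1/3/2006 6:45:00 AM for strings:
; 'dvdkernl'
; 'dvd4free'
; 'nwr2'
; 'windesktop'
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windesktop"="C:\\WINNT\\system32\\windesktop.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dvd4free]
"Startup"="dvd4free"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DVDKERNL\0000]
"Service"="dvdkernl"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dvdkernl]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dvdkernl\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvdkernl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"windesktop"="C:\\WINNT\\system32\\windesktop.exe"
; End Of The Log...
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"(.*?)"="(.*)"$')
TERM_RE = re.compile(r"^; '(.+)'$")
CONTROLSET_RE = re.compile(
    r"\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\", re.I)

# (category, pattern) pairs; the first matching rule wins.
RULES = [
    ("autostart value",
     re.compile(r"\\CurrentVersion\\(Run|RunServices)$", re.I)),
    ("Winlogon Notify package",
     re.compile(r"\\Winlogon\\Notify\\([^\\]+)", re.I)),
    ("service or driver", re.compile(r"\\Services\\([^\\]+)", re.I)),
    ("legacy device node",
     re.compile(r"\\Enum\\Root\\(LEGACY_[^\\]+)", re.I)),
]


def parse(text):
    """Yield (key, name, data); name and data are None for a bare key hit."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            yield key, None, None
            continue
        m = VAL_RE.match(line)
        if m and key:
            # .reg files escape backslashes in string data.
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")


def triage(text):
    """Map (category, item) to the set of hives or control sets holding it."""
    found = defaultdict(set)
    for key, name, data in parse(text):
        cs = CONTROLSET_RE.search(key)
        where = cs.group(1) if cs else "\\".join(key.split("\\")[:2])
        for category, rx in RULES:
            m = rx.search(key)
            if not m:
                continue
            if category == "autostart value":
                if name is None:
                    break  # the value line under the key carries the finding
                item = f"{m.group(1)}: {name} -> {data}"
            else:
                item = m.group(1).lower()
            found[(category, item)].add(where)
            break
    return dict(found)


def terms_without_hits(text):
    """Return searched strings that match no key, value name or data."""
    lines = [l.strip() for l in text.splitlines()]
    terms = [m.group(1) for l in lines if (m := TERM_RE.match(l))]
    body = "\n".join(l for l in lines if not l.startswith(";")).lower()
    return [t for t in terms if t.lower() not in body]


if __name__ == "__main__":
    for (category, item), places in sorted(triage(SAMPLE).items()):
        print(f"{category:24} {item}  [{', '.join(sorted(places))}]")
    print("no hits for:", terms_without_hits(SAMPLE))
```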

Unread postby brandy claws » January 3rd, 2006, 1:04 pm

Ewido log

REGEDIT4
; Registry Search by Bobbi Flekman
; Version: 1.0.2.1
; Results at 1/3/2006 6:45:00 AM for strings:
; 'dvdkernl'
; 'dvd4free'
; 'nwr2'
; 'windesktop'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windesktop"="C:\\WINNT\\system32\\windesktop.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"windesktop"="C:\\WINNT\\system32\\windesktop.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dvd4free]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dvd4free]
"Startup"="dvd4free"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DVDKERNL]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DVDKERNL\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DVDKERNL\0000]
"Service"="dvdkernl"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DVDKERNL\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dvdkernl]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dvdkernl\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dvdkernl\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dvdkernl\Enum]
"0"="Root\\LEGACY_DVDKERNL\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DVDKERNL]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DVDKERNL\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DVDKERNL\0000]
"Service"="dvdkernl"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dvdkernl]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dvdkernl\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DVDKERNL]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DVDKERNL\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DVDKERNL\0000]
"Service"="dvdkernl"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DVDKERNL\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvdkernl]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvdkernl\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvdkernl\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvdkernl\Enum]
"0"="Root\\LEGACY_DVDKERNL\\0000"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"windesktop"="C:\\WINNT\\system32\\windesktop.exe"
; End Of The Log...
brandy claws
Regular Member
 
Posts: 38
Joined: December 28th, 2005, 11:30 am
Location: London

Unread postby brandy claws » January 3rd, 2006, 1:05 pm

WinPFind log

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2600.0000
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\MacDrive
{4DD19182-ACE2-11CF-BBF2-444553540000} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\system32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\system32\docprop2.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = @msdxmLC.dll,-1@1033,&Radio : C:\WINNT\system32\msdxm.ocx
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager mobsync.exe /logon
NvCplDaemon RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
Tweak UI RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
MDShell "C:\Program Files\Mediafour\MacDrive\MDShell.exe" /S
Drag'n'Drop_Autolaunch "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray C:\PROGRA~1\SYMANT~1\VPTray.exe
Matrox PowerDesk 8 C:\WINNT\system32\PowerDesk8\Matrox.PowerDesk.exe /silent
MacLicense "C:\Program Files\MacOpener\MacLic.exe"
windesktop C:\WINNT\system32\windesktop.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
windesktop C:\WINNT\system32\windesktop.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvMediaCenter RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
internat.exe internat.exe
aupd C:\WINNT\system32\sywsvcs.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
CDRAutoRun 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll
Internet Explorer {F28A40D7-AD0E-034A-C651-5F0ED76232E6} = C:\WINNT\system32\Kbnggf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dvd4free
= dvd4free.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINNT\system32\NavLogon.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/3/2006 8:21:49 AM
brandy claws
Regular Member
 
Posts: 38
Joined: December 28th, 2005, 11:30 am
Location: London

Post by brandy claws » January 3rd, 2006, 1:06 pm

Kasper log

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, January 03, 2006 09:12:01
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 3/01/2006
Kaspersky Anti-Virus database records: 168824
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 18196
Number of viruses found: 4
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 1163 sec
Infected Object Name - Virus Name
C:\Documents and Settings\Administrator.COMPONENT.CO.UK\Local Settings\Temp\vbpxycqc.exe Infected: Trojan-Spy.Win32.Goldun.fs
C:\q6378.exe Infected: Trojan-Downloader.Win32.Femad.ae
C:\WINNT\system32\jtbhzr.dll Infected: Trojan-Proxy.Win32.Agent.df
C:\WINNT\system32\oleext.dll Infected: Trojan.Win32.Small.ev
C:\WINNT\uninstIU.exe Infected: Trojan.Win32.Small.ev
Scan process completed.