
Automsn



#1 scheris (New Member, 9 posts)
K, my dad's computer is riddled with malware/spyware. I've done the usual procedures with Ewido, Ad-Aware, HijackThis, Spybot and Panda. I cleaned most of it up except for the AutoMsn and some eBay bar crap.

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 2:55:30 PM, on 3/9/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\113\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?gseka (obfuscated)
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [data idol] C:\DOCUME~1\ADMINI~1\APPLIC~1\FUNKAC~1\KindView.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{531933C7-D327-47D2-B65D-9BD4B41979F6}: NameServer = 85.255.114.108,85.255.112.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3F61B97-20E6-486F-BD5D-F50C6BD89F76}: NameServer = 85.255.114.108,85.255.112.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCFDD9D7-5AF7-4FE3-9591-15DF2F898C87}: NameServer = 85.255.114.108,85.255.112.143
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\SYSTEM32\acs.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

I have also found lately that the DVD burner has been crashing when it gets to a certain percentage of the burning process, and the PC is running very slow. Could these problems be caused by some sort of spyware, or by something else?

Thanks for the help, greatly appreciated.

#2 sari (GeekU Admin, Community Leader, MVP, 21,806 posts)
scheris,

Hi and welcome to Geeks to Go. I'm going to be helping you with your log.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.sub.../Fixwareout.exe
    http://swandog46.gee.../Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?gseka (obfuscated)
    O1 - Hosts: 1159680172 auto.search.msn.com
    O4 - HKCU\..\Run: [data idol] C:\DOCUME~1\ADMINI~1\APPLIC~1\FUNKAC~1\KindView.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{531933C7-D327-47D2-B65D-9BD4B41979F6}: NameServer = 85.255.114.108,85.255.112.143
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C3F61B97-20E6-486F-BD5D-F50C6BD89F76}: NameServer = 85.255.114.108,85.255.112.143
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DCFDD9D7-5AF7-4FE3-9591-15DF2F898C87}: NameServer = 85.255.114.108,85.255.112.143

    Click FIX CHECKED. Close HijackThis, and click OK to proceed.

    At the end of the fix, you may need to restart your computer again.

    Open HijackThis.
    Click on Open Misc Tools Section.
    Make sure that both boxes beside "Generate StartupList Log" are checked:
  • List all minor sections (Full)
  • List Empty Sections (Complete)
    Click Generate StartupList Log.
    Click Yes at the prompt.
    It will open a text file. Please copy the entire contents of that page and paste it here.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Finally, please post the contents of the logfile C:\fixwareout\report.txt, the startuplist log, and the Panda Activescan report, along with a new HijackThis log into this topic.

Thanks,

sari
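As an added example (not code from this thread, from HijackThis or from FixWareout), the script below applies the reasoning behind sari's fix list to the log lines quoted above: it converts the decimal-form IP in the O1 Hosts entry to dotted form, flags the O4 autorun that runs out of the user profile while leaving the Program Files one alone, reports the O6 policy key, and lists any O17 NameServer that is not on a trusted set. The trusted resolver (192.168.0.1) and the start-page allow-list are assumptions; the thread does not say what the ISP's DNS or the intended home page is.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set
from urllib.parse import urlparse

# Constructed sample: the lines sari put on the fix list above, plus a legitimate
# O4 (TeaTimer) and an O23 line as controls that must not be flagged.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?gseka (obfuscated)
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [data idol] C:\DOCUME~1\ADMINI~1\APPLIC~1\FUNKAC~1\KindView.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{531933C7-D327-47D2-B65D-9BD4B41979F6}: NameServer = 85.255.114.108,85.255.112.143
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# Autoruns under the user profile (8.3 or long form) are flagged; Program Files is not.
PROFILE_PATH_RE = re.compile(r"\\(DOCUME~1|Documents and Settings)\\", re.IGNORECASE)
TRUSTED_START_HOSTS = {"www.msn.com", "www.google.com"}  # constructed allow-list

@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O17"
    reason: str  # why the line was flagged
    line: str    # the original log line

def decimal_to_dotted(addr: str) -> str:
    """Normalise a Hosts-file address to dotted quad. Windows also accepts a plain
    decimal integer (as the O1 line above does), which hides the real target."""
    return str(ipaddress.IPv4Address(int(addr) if addr.isdigit() else addr))

def _check_r0(body: str) -> Optional[str]:
    # HJT appends "(obfuscated)" when it had to decode the start-page value.
    m = re.search(r"Start Page = (\S+)(.*)", body)
    if not m:
        return None
    url, rest = m.groups()
    host = urlparse(url).hostname or url
    if "obfuscated" in rest or host not in TRUSTED_START_HOSTS:
        return f"IE start page points at untrusted host {host}"
    return None

def _check_o1(body: str) -> Optional[str]:
    m = re.match(r"Hosts: (\S+)\s+(\S+)", body)
    if not m:
        return None
    try:
        ip = decimal_to_dotted(m.group(1))
    except ValueError:
        return f"Hosts entry with unparseable address: {m.group(1)}"
    if ip in ("127.0.0.1", "0.0.0.0"):
        return None  # a blocking entry, not a redirect
    return f"Hosts file redirects {m.group(2)} to {ip}"

def _check_o4(body: str) -> Optional[str]:
    m = re.match(r".*\[(.+?)\]\s+(.*)$", body)
    if m and PROFILE_PATH_RE.search(m.group(2)):
        return f"autorun '{m.group(1)}' runs from the user profile: {m.group(2)}"
    return None

def _check_o6(body: str) -> Optional[str]:
    if body.endswith("present"):
        return "IE policy key present; it stops the user changing IE options"
    return None

def _check_o17(body: str, trusted_dns: Set[str]) -> Optional[str]:
    # The same resolver pair on every adapter (three O17 lines in this thread)
    # is the DNS-changer pattern that the FixWareout step above targets.
    m = re.search(r"NameServer = ([\d.,]+)", body)
    if not m:
        return None
    rogue = [ns for ns in m.group(1).split(",") if ns not in trusted_dns]
    if rogue:
        return "interface DNS points at untrusted resolver(s): " + ", ".join(rogue)
    return None

def triage(log_text: str, trusted_dns: Iterable[str] = ()) -> List[Finding]:
    """Walk a HijackThis log and return the entries worth putting on a fix list."""
    trusted = set(trusted_dns)
    checks = {"R0": _check_r0, "O1": _check_o1, "O4": _check_o4, "O6": _check_o6,
              "O17": lambda body: _check_o17(body, trusted)}
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m and m.group(1) in checks:
            reason = checks[m.group(1)](m.group(2))
            if reason:
                findings.append(Finding(m.group(1), reason, line))
    return findings

if __name__ == "__main__":
    # The trusted resolver is an assumption; the thread never says what the ISP's DNS is.
    for f in triage(SAMPLE_LOG, trusted_dns={"192.168.0.1"}):
        print(f"[{f.kind}] {f.reason}")
```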

#3 scheris (Topic Starter, New Member, 9 posts)
Hi, thank you very much for taking the time to help me. Here are the new logs.


Fixwareout ver 1.003
Last edited 2/15/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nbilbaj
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSCVZ.EXE
* csr.exe C:\WINDOWS\System32\CSCVZ.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

-------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:53:53 PM, on 3/10/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\113\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\SYSTEM32\acs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

---------------------------------------------------------------------------------------------------------------

StartupList report, 3/10/2006, 2:51:19 PM
StartupList version: 1.52.2
Started from : C:\113\HijackThis.EXE
Detected: Windows 2000 SP3 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\113\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

data idol = C:\DOCUME~1\ADMINI~1\APPLIC~1\FUNKAC~1\KindView.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = "C:\WINDOWS\System32\shmgrate.exe" OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = "C:\WINDOWS\System32\shmgrate.exe" OCInstallUserConfigOE

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\LIVING~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

A55B842391840003.job
Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\rnr20.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
Protocol #1: C:\WINDOWS\system32\msafd.dll
Protocol #2: C:\WINDOWS\system32\msafd.dll
Protocol #3: C:\WINDOWS\system32\msafd.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\msafd.dll
Protocol #7: C:\WINDOWS\system32\msafd.dll
Protocol #8: C:\WINDOWS\system32\msafd.dll
Protocol #9: C:\WINDOWS\system32\msafd.dll
Protocol #10: C:\WINDOWS\system32\msafd.dll
Protocol #11: C:\WINDOWS\system32\msafd.dll
Protocol #12: C:\WINDOWS\system32\msafd.dll
Protocol #13: C:\WINDOWS\system32\msafd.dll
Protocol #14: C:\WINDOWS\system32\msafd.dll
Protocol #15: C:\WINDOWS\system32\msafd.dll
Protocol #16: C:\WINDOWS\system32\msafd.dll
Protocol #17: C:\WINDOWS\system32\msafd.dll
Protocol #18: C:\WINDOWS\system32\msafd.dll
Protocol #19: C:\WINDOWS\system32\msafd.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB): System32\DRIVERS\A3AB.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Atheros Configuration Service: C:\WINDOWS\SYSTEM32\acs.exe (autostart)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (disabled)
aeaudio: system32\drivers\aeaudio.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Alerter: %SystemRoot%\System32\services.exe (manual start)
Application Management: %SystemRoot%\system32\services.exe (manual start)
NETGEAR WG311T V1H3 Wireless Adapter Service: System32\DRIVERS\WG311T13.sys (manual start)
ASUSHWIO: \??\C:\WINDOWS\System32\drivers\ASUSHWIO.sys (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Resident Driver NT: \SystemRoot\System32\Drivers\avg7rsnt.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)
Computer Browser: %SystemRoot%\System32\services.exe (manual start)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
DHCP Client: %SystemRoot%\System32\services.exe (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\services.exe (autostart)
EDSP Port Driver: System32\DRIVERS\es56hpi.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (autostart)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InCDPass: System32\DRIVERS\InCDPass.sys (system)
InCD File System Service: C:\Program Files\Ahead\InCD\InCDsrv.exe (autostart)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
Iprtlidiun: C:\WINDOWS\System32\krnl386.exe (disabled)
IPSEC driver: System32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Workstation: %SystemRoot%\System32\services.exe (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
AEGIS Protocol (IEEE 802.1x) v2.3.1.9: System32\DRIVERS\mdc8021x.sys (autostart)
Messenger: %SystemRoot%\System32\services.exe (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
BDA MPE Filter: System32\DRIVERS\MPE.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Microsoft DV Camera and VCR: System32\DRIVERS\msdv.sys (manual start)
Windows Installer: C:\WINDOWS\System32\MsiExec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Loopback Adapter Driver: System32\DRIVERS\loop.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net MD: System32\Drivers\NETMDUSB.sys (manual start)
Network Monitor Driver: System32\DRIVERS\NMnt.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
NUVision II Audio Service: System32\DRIVERS\nuvaud2.sys (manual start)
NUVision II Video Service: System32\DRIVERS\nuvvid2.sys (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
VIA OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Microsoft USB Open Host Controller Driver: System32\DRIVERS\openhci.sys (manual start)
Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Logitech QuickCam Express(PID_0840): System32\DRIVERS\LVCD.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: System32\DRIVERS\sbp2port.sys (system)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
SoundMAX Agent Service: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Still Image Service: %systemroot%\system32\stisvc.exe (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
LGE U8XXX driver (WDM): System32\DRIVERS\U81xbus.sys (manual start)
LGE U8XXX USB WMC Modem Filter: System32\DRIVERS\U81xmdfl.sys (manual start)
LGE U8XXX USB WMC Modem Driver: System32\DRIVERS\U81xmdm.sys (manual start)
LGE U8XXX USB WMC Device Management Drivers (WDM): System32\DRIVERS\U81xmgmt.sys (manual start)
LGE U8XXX USB WMC OBEX Interface: System32\DRIVERS\U81xobex.sys (manual start)
Ulead Burning Helper: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (autostart)
NEC 616 Command Port Driver: System32\DRIVERS\ulusba.sys (manual start)
NEC 616 CONTROL Driver: System32\DRIVERS\ulusbc.sys (manual start)
NEC 616 ENUMERATION Driver: System32\DRIVERS\ulusbe.sys (manual start)
NEC 616 Modem Driver: System32\DRIVERS\ulusbm.sys (manual start)
NEC 616 OBEX Port Driver: System32\DRIVERS\ulusbo.sys (manual start)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB 2.0 Root Hub Support: System32\DRIVERS\usbhub20.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
vdmindve: \??\C:\WINDOWS\System32\drivers\vdmindve.sys (autostart)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: \??\C:\WINDOWS\System32\vsdatant.sys (manual start)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Windows CE USB Serial Host Driver: System32\DRIVERS\wceusbsh.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
WMDM PMSP Service: C:\WINDOWS\System32\mspmspsv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINDOWS\system32\NETSHELL.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: stobject.dll
SystemCheck2: *Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 30,150 bytes
Report generated in 0.063 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

--------------------------------------------------------------------------------------------------

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:37:13 PM, 3/8/2006
+ Report-Checksum: 2FE887A5

+ Scan result:

[1140] VM_01990000 -> Downloader.Agent.uj : Ignored
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Atdmt : Ignored
HKLM\SOFTWARE\saap -> Adware.180Solutions : Cleaned with backup
[180] VM_00B50000 -> Downloader.Agent.uj : Error during cleaning
[204] VM_00A20000 -> Downloader.Agent.uj : Error during cleaning
[928] VM_00830000 -> Downloader.Agent.uj : Error during cleaning
[1004] VM_00890000 -> Downloader.Agent.uj : Error during cleaning
[1060] VM_01A60000 -> Downloader.Agent.uj : Error during cleaning
[1108] VM_00850000 -> Downloader.Agent.uj : Error during cleaning
[1152] VM_00C30000 -> Downloader.Agent.uj : Error during cleaning
[1168] VM_01A60000 -> Downloader.Agent.uj : Error during cleaning
[1368] VM_00BF0000 -> Downloader.Agent.uj : Error during cleaning
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
:mozilla.8:C:\Documents and Settings\FernDell\Application Data\Mozilla\Firefox\Profiles\default.j5g\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.9:C:\Documents and Settings\FernDell\Application Data\Mozilla\Firefox\Profiles\default.j5g\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\FernDell\Application Data\Mozilla\Firefox\Profiles\default.j5g\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\FernDell\Application Data\Mozilla\Firefox\Profiles\default.j5g\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\FernDell\Application Data\Mozilla\Firefox\Profiles\default.j5g\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\FernDell\Application Data\Mozilla\Firefo
  • 0
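An added example, not code from this thread or from any of the tools in it: a small Python checker for the "ShellServiceObjectDelayLoad" section of a StartupList report like the one pasted above. It compares the listed entries with the three values a stock Windows 2000 install loads (that baseline and the sample excerpt are constructed for this example) and writes the `"Name"=-` removal lines for anything unknown or unresolved, the same .reg form used later in this thread.

```python
"""Review the ShellServiceObjectDelayLoad (SSODL) section of a StartupList report."""

# Constructed excerpt in the format of the StartupList report pasted above:
# dashed separators, "Section title:" headers and "Name: path" items.
SAMPLE_REPORT = r"""
--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINDOWS\system32\NETSHELL.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: stobject.dll
SystemCheck2: *Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*
"""

# Assumed baseline (not from the thread): SSODL values a stock Windows 2000
# install carries, and the shell module each one should resolve to.
SSODL_BASELINE = {
    "Network.ConnectionTray": "netshell.dll",
    "WebCheck": "webcheck.dll",
    "SysTray": "stobject.dll",
}

SSODL_SECTION = "Enumerating ShellServiceObjectDelayLoad items"
SSODL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
             r"\ShellServiceObjectDelayLoad")


def split_sections(report):
    """Map each 'Title:' header to the item lines that follow it."""
    sections, title = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue                      # blank line or dashed separator
        if line.endswith(":") and "\\" not in line:
            title = line[:-1]             # e.g. "Enumerating ... items:"
            sections[title] = []
        elif title is not None:
            sections[title].append(line)
    return sections


def parse_ssodl(sections):
    """Return (value name, resolved path) pairs from the SSODL section."""
    pairs = []
    for line in sections.get(SSODL_SECTION, []):
        name, sep, path = line.partition(": ")
        if sep:
            pairs.append((name.strip(), path.strip()))
    return pairs


def review_ssodl(pairs, baseline=SSODL_BASELINE):
    """Flag entries that are not in the baseline, that StartupList could not
    resolve (the *...* markers), or that resolve to an unexpected module."""
    findings = []
    for name, path in pairs:
        reasons = []
        expected = baseline.get(name)
        if expected is None:
            reasons.append("value name not in baseline")
        if path.startswith("*"):
            reasons.append("entry did not resolve (" + path.strip("*") + ")")
        elif expected and path.lower().rsplit("\\", 1)[-1] != expected:
            reasons.append("resolves to unexpected module")
        if reasons:
            findings.append((name, path, "; ".join(reasons)))
    return findings


def reg_removal_fragment(findings):
    """Build a Registry Editor 5.00 fragment that deletes the flagged values
    ("Name"=- is the .reg syntax for removing a value)."""
    lines = ["Windows Registry Editor Version 5.00", "", "[" + SSODL_KEY + "]"]
    lines += ['"%s"=-' % name for name, _, _ in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = review_ssodl(parse_ssodl(split_sections(SAMPLE_REPORT)))
    for name, path, why in found:
        print("REVIEW  %-24s %-32s %s" % (name, path, why))
    if found:
        print(reg_removal_fragment(found))
```

Review the flagged names by hand before applying the fragment; the baseline only knows the default entries, so a legitimately installed third-party shell object would be flagged as well.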

#4
scheris

scheris

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Oops, sorry, the last log file is the wrong file. Here is the right log for the Panda ActiveScan.


Incident Status Location

Adware:Adware/Lop Not disinfected C:\DOCUME~1\ADMINI~1\APPLIC~1\FUNKAC~1\KINDVIEW.EXE
Adware:Adware/Lop Not disinfected c:\docume~1\admini~1\applic~1\funkac~1\kindview.exe
Adware:adware program Not disinfected C:\WINDOWS\stsheets.dat
Adware:adware/whenusearch Not disinfected C:\PROGRAM FILES\COMMON FILES\WhenU
Adware:adware/savenow Not disinfected Windows Registry
Dialer:dialer.xd Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\SYSTEMCHECK2
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt[.888.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt[.xmts.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt[ad.sensismediasmart.com.au/]
Dialer:Dialer.ABR Not disinfected C:\113\backups\backup-20060308-204504-535.inf
Adware:Adware/MediaTickets Not disinfected C:\113\backups\backup-20060308-204504-561.inf
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Administrator\Application Data\extra acid\safeheck.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Administrator\Application Data\Funk Active Ooze\arcdglzu.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Administrator\Application Data\Funk Active Ooze\bazmnanb.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Administrator\Application Data\Funk Active Ooze\KindView.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Administrator\Application Data\Funk Active Ooze\Locks camp comp.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Administrator\Application Data\Funk Active Ooze\mvibnuau.exe
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7ysb1q6s.default\cookies.txt[]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\Open Rule Math Funk\great this.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\Open Rule Math Funk\Remote tons.exe
Spyware:Cookie/go Not disinfected C:\Documents and Settings\FernDell\Application Data\Mozilla\Firefox\Profiles\default.j5g\cookies.txt[]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\FernDell\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\FernDell\Cookies\ferndell@belnk[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\FernDell\Cookies\ferndell@ccbill[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\FernDell\Cookies\[email protected][2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\FernDell\Cookies\ferndell@kinghost[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\FernDell\Cookies\ferndell@toplist[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\FernDell\Cookies\ferndell@webpower[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\My Documents\cookies.txt[]
Adware:Adware/BrilliantDigital Not disinfected C:\Program Files\KaZaA Lite\bdcore.dll
Possible Virus. Not disinfected C:\Recycled\Q330995.exe
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\cscvz.exe
Virus:Trj/PWSteal.AE Disinfected C:\WINDOWS\SYSTEM32\jbkcw.exe
Adware:Adware/MediaTickets Not disinfected D:\download\utilities\backups\backup-20060304-070549-291.inf
Dialer:Dialer.ABR Not disinfected D:\download\utilities\backups\backup-20060304-070549-336.inf
  • 0

#5
sari

sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
scheris,

I'm very sorry for the delay in the reply - some work issues came up.

Copy everything inside the quote box below (starting with @) and paste it into Notepad. Go up to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files". Save it as remlop.bat on your desktop.

@echo off
cd C:\WINDOWS\Tasks
attrib -r -s -h A55B842391840003.job
del A55B842391840003.job
exit

Double-click remlop.bat. A window will open and close quickly; this is normal.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\stsheets.dat
    C:\PROGRAM FILES\COMMON FILES\WhenU
    C:\113\backups\backup-20060308-204504-535.inf
    C:\113\backups\backup-20060308-204504-561.inf
    C:\Documents and Settings\Administrator\Application Data\extra acid
    C:\Documents and Settings\Administrator\Application Data\Funk Active Ooze
    C:\Documents and Settings\All Users\Application Data\Open Rule Math Funk
    C:\Recycled\Q330995.exe
    C:\WINDOWS\SYSTEM32\cscvz.exe
    C:\WINDOWS\SYSTEM32\jbkcw.exe
    D:\download\utilities\backups\backup-20060304-070549-291.inf
    D:\download\utilities\backups\backup-20060304-070549-336.inf


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Launch Notepad, and copy/paste everything from the box below into it (starting from the word Registry). Save it on your C:\ drive as fixme.reg. For the "save as type" choose all files.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SYSTEMCHECK2"=-


Locate fixme.reg on your desktop and double-click it. You'll be asked if you wish to merge the items into the registry; click on Yes, and wait for a message such as "Merged Successfully" to appear.

The last thing I'd like you to do is search and see if you can find the following file:

C:\WINDOWS\switchagreement.txt

If you do, delete it (just the file, not the Windows folder).

Please post back with a new hijackthis log.

Thanks,

sari
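The reply above uses two removal mechanisms: a `.reg` merge that deletes a registry value with the `"Name"=-` syntax, and Killbox's "Delete on Reboot", which relies on the Session Manager's PendingFileRenameOperations value (the one named in the prompt the reply warns about). The Python below is an added example, not code from the thread or from Killbox; it only generates the `.reg` text and never touches a registry. The key path and the REG_MULTI_SZ layout (UTF-16LE strings, each NUL-terminated, with a final NUL; a deletion is a `\??\`-prefixed source path paired with an empty destination) are the documented Windows ones; the sample paths are from the reply, and `build_cleanup_reg` and the other helper names are this example's own.

```python
SESSION_MANAGER = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
SSODL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"


def encode_multi_sz(strings) -> bytes:
    """REG_MULTI_SZ: every string as UTF-16LE plus NUL, then one more NUL."""
    return b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings) + b"\x00\x00"


def decode_multi_sz(data: bytes) -> list:
    """Inverse of encode_multi_sz, kept here so the output can be verified.
    Empty strings in the middle are preserved; PendingFileRenameOperations
    uses them to mean 'delete the preceding path'."""
    parts = data.decode("utf-16-le").split("\x00")
    return parts[:-2]   # the terminating NUL pair yields two empty parts


def hex7_value(name: str, strings, per_line: int = 16) -> str:
    """Render a REG_MULTI_SZ as '"name"=hex(7):aa,bb,...' with the
    backslash continuation lines regedit itself writes."""
    raw = encode_multi_sz(strings)
    chunks = [",".join(f"{b:02x}" for b in raw[i:i + per_line])
              for i in range(0, len(raw), per_line)]
    return f'"{name}"=hex(7):' + ",\\\n  ".join(chunks)


def parse_hex7(rendered: str) -> bytes:
    """Read a rendered hex(7) value back into bytes (undoes the continuations)."""
    body = rendered.split("hex(7):", 1)[1].replace("\\\n", "").replace(" ", "")
    return bytes(int(h, 16) for h in body.split(",") if h)


def pending_delete_entries(paths) -> list:
    """Each delete-on-reboot request is a pair: NT-style source path, empty target."""
    entries = []
    for p in paths:
        entries += ["\\??\\" + p, ""]
    return entries


def build_cleanup_reg(delete_values: dict, delete_on_reboot) -> str:
    """delete_values maps a key path to value names to remove ('"Name"=-');
    delete_on_reboot is a list of files to remove at next boot."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in delete_values.items():
        lines.append(f"[{key}]")
        lines += [f'"{n}"=-' for n in names]
        lines.append("")
    if delete_on_reboot:
        lines.append(f"[{SESSION_MANAGER}]")
        lines.append(hex7_value("PendingFileRenameOperations",
                                pending_delete_entries(delete_on_reboot)))
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    # Sample input built from the paths in the reply above.
    print(build_cleanup_reg(
        {SSODL: ["SYSTEMCHECK2"]},
        [r"C:\WINDOWS\SYSTEM32\cscvz.exe", r"C:\Recycled\Q330995.exe"],
    ))
```

Two caveats a practitioner should keep in mind. Merging a `.reg` file replaces the whole PendingFileRenameOperations value, so anything already queued there (a pending Windows Update rename, or a previous Killbox run) is lost; that is exactly why Killbox prompts when the value is non-empty, and why the MoveFileEx API that tools normally use appends to the value instead of overwriting it. Check the value in regedit before merging anything like this. And an empty string in a REG_MULTI_SZ is normally treated as the end of the list by regedit's display, so the value will look truncated when you view it; Session Manager reads the raw pairs, not the display.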