Aim virus? [RESOLVED]


#1 Stickly (Member, 30 posts)

AIM sent two messages today to everyone on my buddy list, but I didn't type them. The message said something like: "can i put this picture of you and me on my website?" or something very close to that. Here's the HijackThis log.
[EDIT] It sent it 2 more times. It said: "hey is it alright with you if I upload this picture of us to myspace?" and then it had a link, which I won't post so no one clicks it by accident.

Logfile of HijackThis v1.99.1
Scan saved at 7:42:22 PM, on 8/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\tasksch.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1145822884\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\Common Files\AOL\1145822884\ee\aolsoftware.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\PROGRA~1\AMERIC~1.0G\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AMERIC~1.0G\shellmon.exe
c:\program files\common files\aol\1145822884\ee\aolssc.exe
C:\Program Files\iTunes\iTunes.exe
c:\program files\common files\aol\1145822884\ee\ComputerCheckup.exe
C:\Program Files\Creative\SBLive\Recorder\CTRec.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\GetRight\GetRight.exe
C:\Documents and Settings\EricTheDerek\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: Safe &Eyes Toolbar - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\setoolbar.dll
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1145822884\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145822884\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\SafeEyes.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0G\AOL.EXE" -b
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'icf.dll' missing
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1145287945714
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....302/Coupons.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.co...snmusax4123.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Network Station Task Manager (TASKSQ) - Unknown owner - C:\WINDOWS\tasksch.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Please help. I did 2 virus/spyware scans and found nothing, but there must be SOMETHING doing this. [Edit] I did COUNTLESS scans and found nothing.

Edited by Stickly, 28 August 2006 - 04:48 PM.

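The helpers in this thread read the log above by eye. As an added example (not code from the thread, Geeks to Go, or HijackThis), the Python script below parses the O4, O10 and O23 lines of a HijackThis 1.99 log and flags the weak signals a log reader checks first: service binaries that are missing or have no recorded publisher, autostart entries outside the usual install locations, and any altered Winsock LSP chain. The heuristics and the trusted-root list are my assumptions, a flag is a prompt to look closer rather than a verdict, and the sample lines are copied from the log posted above.

```python
"""Triage helper for HijackThis 1.99.x logs (added example, assumptions noted inline).

Parses the O4 (Run keys), O10 (Winsock LSP) and O23 (services) lines and
flags the weak signals a log reader checks first.  A flag is a prompt to
look closer, never a verdict: legitimate software trips these heuristics too.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First Windows path in a command line (quoted or not) that ends in an executable extension.
PATH_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|com|pif|bat|scr))"?(?=[\s,]|$)', re.I
)
# Assumption: where nearly every legitimate autostart binary lives on a Windows XP machine.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\system32\\")


@dataclass(frozen=True)
class Finding:
    section: str  # "O4", "O10" or "O23"
    item: str     # Run-key name or service name
    path: str     # binary the entry points at ("" if not applicable)
    reason: str   # why it deserves a second look


def exe_path(cmd: str) -> str:
    """Return the binary a Run-key command actually launches.

    Handles quoted paths, unquoted paths containing spaces (HijackThis prints
    them without the registry's quotes) and rundll32 lines, where the DLL is
    the part worth checking.
    """
    cmd = cmd.strip()
    head, _, tail = cmd.partition(" ")
    if head.lower() in ("rundll32", "rundll32.exe") and tail:
        cmd = tail.strip()
    m = PATH_RE.match(cmd)
    if m:
        return m.group("path")
    return cmd.split(" ", 1)[0].strip('"')


def check_path(path: str) -> Optional[str]:
    """Location heuristics for an autostart binary; None when nothing stands out."""
    low = path.lower()
    if "(file missing)" in low:
        return "points at a binary that is no longer on disk"
    if not re.match(r"^[a-z]:\\", low):
        return "bare filename resolved through PATH; confirm which copy actually runs"
    if not low.startswith(TRUSTED_ROOTS):
        return "binary outside Program Files / system32; check publisher and file date"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and collect entries that merit a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O10 - "):
            # Any O10 line means the Winsock LSP chain has been altered or broken.
            findings.append(Finding("O10", line[6:], "",
                                    "Winsock LSP chain altered; identify the product that owns the DLL"))
            continue
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            reason = check_path(path)
            if reason:
                findings.append(Finding("O4", m.group("name"), path, reason))
            continue
        m = O23_RE.match(line)
        if m:
            name, owner, path = m.group("name", "owner", "path")
            if owner == "Unknown owner":
                findings.append(Finding("O23", name, path, "service has no publisher recorded"))
            reason = check_path(path)
            if reason:
                findings.append(Finding("O23", name, path, reason))
    return findings


# Excerpt of the HijackThis log posted earlier in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O10 - Broken Internet access because of LSP provider 'icf.dll' missing
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Network Station Task Manager (TASKSQ) - Unknown owner - C:\WINDOWS\tasksch.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.item:<45}{f.reason}")
```

Entries that pass every heuristic (the McAfee, QuickTime, NVIDIA and AIM lines) produce no output, which is the point: the script narrows the log to the handful of lines worth checking against publisher, file date and a second opinion.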

#2 Guest_Falu_* (Guest)

Hi Stickly, :blink:

We're studying your log and will be back to you a.s.a.p.

Thanks for your patience. :whistling:

#3 Stickly (Topic Starter, Member, 30 posts)

Another was sent today... it didn't have a link. It just said "hmm, i think there working on it. lol i get another page now. HURRY!" I have no idea what it means, but I thought I should add it here.

#4 Guest_Falu_* (Guest)

Hi Stickly, :whistling:

Welcome to GeeksToGo Forums and thanks again for your patience.

Your log shows that the very dangerous HackerDefender SDBot TROJAN is present on your computer!

This worm also has backdoor functionalities. It processes the commands on the local machine giving remote users virtual control over the infected system.
It is possible that the remote attacker has added multiple backdoors and/or accounts or even rooted the computer.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

1. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs, uninstall PuritySCAN By OIN, OuterInfo, OIN or similar.

Reboot, right-click your Start button, choose Explore, then look for and delete the following folder if listed: C:\Program Files\PurityScan

If not listed, download and run this uninstaller! You may find a tutorial for the uninstaller here if needed!

Reboot when done and if found, delete this folder: C:\Program Files\PurityScan

2. Run HijackThis, click the Config... button, then go to the Misc Tools section and click Open Uninstall Manager. You'll see a list of programs; click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

3. Download this file - combofix.exe. Double-click combofix.exe & follow the prompts. When finished, it will produce a log for you; post that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please post the Combofix report together with the uninstall_list.txt and a fresh HijackThis log!

#5 Stickly (Topic Starter, Member, 30 posts)

I can't get the uninstaller program to work. It says the path couldn't be found. Then I can't delete it; it says to make sure it's not currently running. So I restarted the computer, but I still can't delete it. Is there any other way to fix my problem?

Edited by Stickly, 30 August 2006 - 01:28 PM.


#6 Guest_Falu_* (Guest)

Hi Stickly, :whistling:

I can't get the uninstaller program to work. It says the path couldn't be found. Then I can't delete it; it says to make sure it's not currently running. So I restarted the computer, but I still can't delete it. Is there any other way to fix my problem?


Okay, do this:

1. Open Task Manager (by pressing CTRL+ALT+DEL).
2. From the processes list, select and terminate the process winservs.exe.
3. Click Start, select Programs then Startup, right-click and select Browse All Users to open the Startup folder.
4. Delete the shortcut to winservs.exe or purityscan.exe.
5. Open Windows Explorer, search for and delete the file winservs.exe.

Next continue with step 2 of my previous instructions.

#7 Stickly (Topic Starter, Member, 30 posts)

I got the original steps to work... turns out I wasn't in safe mode ( :whistling: ). Anyway, here's the ComboFix report:

Administrator - 06-08-31 20:03:39.64
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\EricTheDerek_2\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-31 to 2006-08-31 ))))))))))))))))))))))))))))))))))


2006-08-31 15:07 144,300 --a------ C:\ccpt.com
2006-08-29 18:13 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-08-29 18:12 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-08-27 19:29 299,520 --a------ C:\WINDOWS\uninst.exe
2006-08-27 18:20 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-08-26 13:32 78,916 --a------ C:\regedit.com
2006-08-25 15:42 206,397 --a------ C:\WINDOWS\system32\ICF.dll
2006-08-25 15:42 187,968 --a------ C:\WINDOWS\sediag.exe
2006-08-25 15:42 154,688 --a------ C:\WINDOWS\system32\seinst.dll
2006-08-25 12:17 78,916 --a------ C:\dcrypt.exe
2006-08-11 16:17 1,946 --a------ C:\PPCleanDeleteAtReboot.bat
2006-08-10 20:26 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-08-10 18:00 78,916 --a------ C:\regedit.pif
2006-08-05 06:01 86,528 --a------ C:\WINDOWS\system32\nlkfev7iloswafkpu.exe
2006-08-05 06:01 77,372 --a------ C:\stvp.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-31 19:57 -------- d-------- C:\Program Files\Common Files
2006-08-31 19:53 -------- d-------- C:\Program Files\LucasArts
2006-08-31 19:40 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-30 20:18 -------- d-------- C:\Program Files\GetRight
2006-08-30 15:12 -------- d-------- C:\Program Files\AIM
2006-08-29 17:44 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-29 17:43 -------- d-------- C:\Program Files\realtech VR
2006-08-29 16:20 -------- d-------- C:\Program Files\BitTorrent
2006-08-27 18:26 -------- d-------- C:\Program Files\AOL
2006-08-27 18:23 -------- d-------- C:\Program Files\Common Files\AOL
2006-08-27 11:50 -------- d-------- C:\Program Files\iWin
2006-08-27 08:04 -------- d-------- C:\Program Files\Internet Explorer
2006-08-26 09:41 -------- d-------- C:\Program Files\America Online 9.0g
2006-08-25 15:47 -------- d-------- C:\Program Files\Internet Content Filter
2006-08-25 15:38 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-25 14:46 -------- d-------- C:\Program Files\Common Files\aolshare
2006-08-25 14:29 -------- d-------- C:\Program Files\AOL Toolbar
2006-08-25 14:28 -------- d-------- C:\Program Files\AOL Deskbar
2006-08-24 15:43 -------- d-------- C:\Program Files\Dl_cats
2006-08-12 20:13 -------- d-------- C:\Program Files\America Online 9.0f
2006-08-04 08:42 -------- d-------- C:\Program Files\America Online 9.0e
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 16:39 26372 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2006-07-23 21:35 22762 --a------ C:\windr32.exe
2006-07-23 17:54 9728 --a------ C:\setup32.exe
2006-07-23 15:05 10752 --a------ C:\msdev.exe
2006-07-21 16:55 53248 -r-hs---- C:\WINDOWS\tasksch.exe
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 12:52 -------- d-------- C:\Program Files\Common Files\SWF Studio
2006-07-20 10:07 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-07-11 20:23 -------- d-------- C:\Program Files\iTunes
2006-07-11 20:19 -------- d-------- C:\Program Files\iPod
2006-07-11 16:33 -------- d-------- C:\Program Files\Windows Media Player
2006-07-06 13:17 -------- d-------- C:\Program Files\America Online 9.0d
2006-07-06 13:02 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-07-06 13:02 -------- d-------- C:\Program Files\Real
2006-07-06 13:02 -------- d-------- C:\Program Files\Common Files\Real
2006-07-05 22:26 -------- d-------- C:\Program Files\TradeTouch
2006-05-31 19:53 104008 --a------ C:\WINDOWS\system32\AOLDial.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1145822884\\ee\\services\\sscAntiSpywarePlugin\\ver1_10_3_1\\AOLSP Scheduler.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1145822884\\ee\\services\\sscFirewallPlugin\\ver1_210_2_1\\SSCRun.exe"
"DLBTCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLBTtime.dll,[email protected]"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1145822884\\ee\\AOLSoftware.exe"
"ICF"="\"C:\\Program Files\\Internet Content Filter\\SafeEyes.exe\""
"MPFEXE"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c4,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,b5,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"
"ziwq"="C:\\Program Files\\InetGet2\\stub_109_4_0_4_0.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{2475DD86-069E-1033-1112-011022010001}"="\"C:\\Program Files\\Common Files\\{2475DD86-069E-1033-1112-011022010001}\\Update.exe\" mc-110-12-0000488"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"
"ziwq"="C:\\Program Files\\InetGet2\\stub_109_4_0_4_0.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{2475DD86-069E-1033-1112-011022010001}"="\"C:\\Program Files\\Common Files\\{2475DD86-069E-1033-1112-011022010001}\\Update.exe\" mc-110-12-0000488"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AOL Companion.lnk"
"backup"="C:\\WINDOWS\\pss\\AOL Companion.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AOLCOM~1\\COMPAN~1.EXE /s"
"item"="AOL Companion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AHQInit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AHQInit"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBLive\\Program\\AHQInit.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\America Online 9.0d\\AOL.EXE\" -b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DIAGENT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DIAGENT"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBLive\\Creative Diagnostics 2.0\\DIAGENT.EXE startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1145822884\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IpWins]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ipwins"
"hkey"="HKLM"
"command"="C:\\Program Files\\ipwins\\ipwins.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkDetect"
"hkey"="HKCU"
"command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Pure Networks Port Magic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PortAOL"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Time

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Thu 08/31/2006 20:06:23.71
ComboFix.txt
ComboFix2.txt


And the uninstall_list.txt:

ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.7
Adobe Shockwave Player
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Backup Dell-Installed Programs
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Dell Photo AIO Printer 922
Easy CD Creator 5 Basic
GetRight
HijackThis 1.99.1
iPod Updater 2004-11-15
IpWins
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Macromedia Extension Manager
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
Mozilla Firefox (1.5.0.6)
MusicMatch Jukebox
NVIDIA Drivers
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Safe Eyes 2006
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Sony USB Driver
Sound Blaster Live! Value
Star Wars Jedi Knight Jedi Academy
Switch Uninstall
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2

And HijackThis...

Logfile of HijackThis v1.99.1
Scan saved at 8:07:33 PM, on 8/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\EricTheDerek_2\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1145822884\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145822884\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\SafeEyes.exe"
O4 - HKLM\..\Run: [MPFEXE] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'icf.dll' missing
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1145287945714
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....302/Coupons.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.co...snmusax4123.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_210_2_1\aolavupd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\mcafee.com\personal firewall\MPFService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\nlkfev7chknort.exe (file missing)
O23 - Service: Network Station Task Manager (TASKSQ) - Unknown owner - C:\WINDOWS\tasksch.exe
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\system32\mlsdf8hmtybcf.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


thanks!
Stickly

Edited by Stickly, 31 August 2006 - 06:25 PM.

  • 0

#8
Guest_Falu_*
  • Guest
Hi Stickly, :whistling:

1. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following program if listed:

IpWins

Your Add/Remove screen shows Viewpoint Media Player is installed. Viewpoint is classed as foistware and a potentially unwanted program, as it's sometimes installed without the user's consent. There may be some indications that they will move into tracking users at some stage, which you can read more about Here. If you value the service they provide then it can be left on the system, but if not then it can be removed using the Add/Remove screen. More info.

Viewpoint Media Player

2. Run HijackThis, click Scan and checkmark the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....302/Coupons.cab
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\nlkfev7chknort.exe (file missing)
O23 - Service: Network Station Task Manager (TASKSQ) - Unknown owner - C:\WINDOWS\tasksch.exe
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\system32\mlsdf8hmtybcf.exe (file missing)


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

3. Go to Start->Run, type CMD and click Ok.

Alternatively, press Ctrl+Alt+Delete to bring up the Task Manager. While holding down the Ctrl key, click on New Task. Once the MS-DOS window comes up, minimize the Task Manager.
At the prompt type the following and press Enter after each line:

SC Stop SpoolSvc212
SC Delete SpoolSvc212
SC Stop TASKSQ
SC Delete TASKSQ
SC Stop Time
SC Delete Time
Exit

4. Open Notepad and copy and paste the following text in the quotebox into it:

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{2475DD86-069E-1033-1112-011022010001}]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClock.exe"=-
"ziwq"=-

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClock.exe"=-
"ziwq"=-

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{2475DD86-069E-1033-1112-011022010001}"=-

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{2475DD86-069E-1033-1112-011022010001}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IpWins]

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Time]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

5. Download ATF Cleaner by Atribune. Do not run it yet.

6. Make sure you can view all files. Click Start >My Computer > Tools > Folder Options >View. Check "Show hidden files and folders", uncheck "Hide protected operating system files" and "Hide extensions for known file types". Click "Apply to all folders" >Apply then OK.

7. Reboot and as the computer starts up, just before Windows starts to load, tap the F8 key a few times and then choose Safe Mode from the menu that will appear.

8. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following files in bold if listed:

C:\WINDOWS\system32\nlkfev7chknort.exe
C:\WINDOWS\tasksch.exe
C:\WINDOWS\system32\mlsdf8hmtybcf.exe
C:\ccpt.com
C:\dcrypt.exe
C:\regedit.pif
C:\WINDOWS\system32\nlkfev7iloswafkpu.exe
C:\stvp.exe
C:\windr32.exe
C:\setup32.exe
C:\msdev.exe

Let me know if you had problems with this step.

9. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please reboot to go back into Normal Mode and post a fresh HijackThis log for review!
  • 0
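The O23 entries Falu picked out above share a pattern: an "Unknown owner", a "(file missing)" image, a machine-generated looking executable name dropped under the Windows directory, and a display name that imitates a real Windows service under a different internal name ("Print Spooler Service (SpoolSvc212)" against the genuine Spooler, "Time Service (Time)" against W32Time). The following Python script is an added example written for this thread; it is not part of HijackThis or of the advice above. It parses the O23 lines of a HijackThis 1.99.1 log and scores each service on those checks; the scoring weights, thresholds and the small lookalike table are this example's own assumptions, and the sample lines are copied from the log posted earlier in this thread.

```python
"""Triage of HijackThis O23 (service) lines.

Added example for this thread; not part of HijackThis. The weights,
thresholds and LOOKALIKES table below are assumptions of this example.
"""
import ntpath
import re

# Constructed sample: O23 lines copied from the log posted in this thread,
# plus one unrelated O4 line to show non-O23 lines are ignored.
SAMPLE_LOG = r"""
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler Service (SpoolSvc212) - Unknown owner - C:\WINDOWS\system32\nlkfev7chknort.exe (file missing)
O23 - Service: Network Station Task Manager (TASKSQ) - Unknown owner - C:\WINDOWS\tasksch.exe
O23 - Service: Time Service (Time) - Unknown owner - C:\WINDOWS\system32\mlsdf8hmtybcf.exe (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# "O23 - Service: <display> (<internal name>) - <owner> - <path> [(file missing)]"
# The internal-name group is optional because some entries lack it.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Display-name fragments of genuine Windows services -> the internal name the
# real service uses. A different internal name is a lookalike.
LOOKALIKES = {"print spooler": "spooler", "time service": "w32time", "windows time": "w32time"}


def parse_o23(line):
    """Return the fields of one O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    svc = m.groupdict()
    svc["missing"] = svc["missing"] is not None
    return svc


def looks_random(stem):
    """Heuristic for generated names such as nlkfev7chknort: ten or more
    letters with a digit wedged between letters, or very few vowels."""
    low = stem.lower()
    letters = [c for c in low if c.isalpha()]
    if len(letters) < 10:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    return re.search(r"[a-z]\d+[a-z]", low) is not None or vowel_ratio < 0.3


def score_service(svc):
    """Score one parsed service; higher means more suspicious."""
    score, reasons = 0, []
    owner_unknown = svc["owner"].lower() == "unknown owner"
    if owner_unknown:
        score += 1
        reasons.append("unknown owner")
    if svc["missing"]:
        score += 1
        reasons.append("image file missing")
    stem = ntpath.splitext(ntpath.basename(svc["path"]))[0]
    if looks_random(stem):
        score += 2
        reasons.append("random-looking executable name")
    name = (svc["name"] or "").lower()
    for fragment, real in LOOKALIKES.items():
        if fragment in svc["display"].lower() and name != real:
            score += 2
            reasons.append(f"imitates Windows service '{real}'")
            break
    if owner_unknown and re.match(r"[a-z]:\\windows\\", svc["path"].lower()):
        score += 1
        reasons.append("unknown-owner binary under the Windows directory")
    return score, reasons


def triage(log_text):
    """Parse every O23 line in a HijackThis log and attach a verdict."""
    results = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        svc["score"], svc["reasons"] = score_service(svc)
        svc["verdict"] = ("likely malicious" if svc["score"] >= 4
                          else "review" if svc["score"] >= 2 else "ok")
        results.append(svc)
    return results


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc['verdict']:17} {svc['score']}  {svc['display']} -> {svc['path']}"
              f"  [{'; '.join(svc['reasons'])}]")
```

On the sample, SpoolSvc212 and Time score 7 and come out "likely malicious"; TASKSQ and McShield both land on "review" with a score of 2, which is the honest result: McShield is a real McAfee component that only shows "Unknown owner (file missing)" because the log was taken in Safe Mode, while tasksch.exe has nothing odd about its name and only a helper who knows the machine can decide it, as Falu did. A heuristic like this narrows the list; it does not replace reading the log.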

#9
Stickly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
alright....everything's going ok so far i guess...here's the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:49:32 PM, on 9/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_210_2_1\aolavupd.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\AOL\1145822884\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1145822884\ee\AOLSoftware.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_210_2_1\SSCEvtHdlr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\common files\aol\1145822884\ee\aolssc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\EricTheDerek_2\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1145822884\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145822884\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\SafeEyes.exe"
O4 - HKLM\..\Run: [MPFEXE] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'icf.dll' missing
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1145287945714
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.co...snmusax4123.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_210_2_1\aolavupd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler Service (SpoolSvc220) - Unknown owner - C:\WINDOWS\system32\dior4f4ctiyndtjz.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


thanks...
Stickly
  • 0

#10
Guest_Falu_*
  • Guest
HI Stickly,

1. Open Notepad and copy and paste the following text in the quotebox into it:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpoolSvc220]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

2. Run HijackThis, click Scan and checkmark the following entry:

O23 - Service: Print Spooler Service (SpoolSvc220) - Unknown owner - C:\WINDOWS\system32\dior4f4ctiyndtjz.exe (file missing)

Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

Using Explorer, delete this file in bold:

C:\WINDOWS\system32\dior4f4ctiyndtjz.exe

If you have problems deleting the file (hidden files are still disabled, I assume) reboot into Safe Mode and find and delete it.

Reboot, post a new HijackThis log and let me know how this went.
  • 0

#11
Stickly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
i'm having problems this time...in step 2...i didn't find/see that entry in hijackthis. then i couldn't find it with explorer...so i'm not sure what to do. here's the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:32:50 AM, on 9/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\EricTheDerek_2\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1145822884\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_210_2_1\SSCRun.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,[email protected]
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145822884\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\SafeEyes.exe"
O4 - HKLM\..\Run: [MPFEXE] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'icf.dll' missing
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1145287945714
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.co...snmusax4123.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1145822884\ee\services\sscFirewallPlugin\ver1_210_2_1\aolavupd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


thanks...
Stickly
  • 0

#12
Guest_Falu_*
  • Guest
Hi Stickly, :whistling:

i'm having problems this time...in step 2...i didn't find/see that entry in hijackthis. then i couldn't find it with explorer...so i'm not sure what to do.


No problems: the entry is already gone because of step 1.

Furthermore HijackThis log looks clean.

Let's see if you're really clean, so do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
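A Kaspersky Online Scanner report can run to hundreds of lines, most of them "Object is locked skipped" entries for files the scanner simply could not open. What a helper needs from it is the list of real detections, grouped by detection name, by the account profile the file sits in, and by whether the hit is a live file, a copy in a browser cache, or a System Restore snapshot under System Volume Information. The following Python script is an added example written for this thread, not part of Kaspersky's tooling or of the instructions above; it parses lines in the text format the scanner produces. The sample excerpt is constructed in that format, using detection names that appear in the report posted later in this thread.

```python
"""Summarise a Kaspersky Online Scanner text report.

Added example for this thread; not Kaspersky's own code. The location
categories and the regexes for the report's line format are this
example's assumptions, derived from the report posted in the thread.
"""
import re
from collections import Counter

# Constructed excerpt in the scanner's "<path> Infected: <name> <action>" /
# "<path> Object is locked <action>" format.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CPYZCP2B\d209[1].exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S56FW1M7\venus[1].tar Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\regedit.pif Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP113\A0049517.com Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP130\A0059737.pif Infected: Backdoor.Win32.HacDef.fw skipped
"""

INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\w+)$")
# Account profile a path belongs to: C:\Documents and Settings\<account>\...
PROFILE_RE = re.compile(r"^[a-z]:\\documents and settings\\([^\\]+)\\", re.IGNORECASE)


def parse_line(line):
    """Return a dict for a detection or a locked-object line, else None."""
    line = line.strip()
    m = INFECTED_RE.match(line)
    if m:
        return {"kind": "infected", **m.groupdict()}
    m = LOCKED_RE.match(line)
    if m:
        return {"kind": "locked", "name": None, **m.groupdict()}
    return None


def classify_location(path):
    """Restore-point copy, browser-cache copy, or a file that is live on disk."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore point"
    if "\\temporary internet files\\" in low:
        return "browser cache"
    return "on disk"


def profile_of(path):
    """Account whose profile contains the path, or None outside a profile."""
    m = PROFILE_RE.match(path)
    return m.group(1) if m else None


def summarise(report_text):
    """Aggregate a report into counts a helper can act on."""
    hits = [h for h in map(parse_line, report_text.splitlines()) if h]
    infected = [h for h in hits if h["kind"] == "infected"]
    return {
        "locked": sum(h["kind"] == "locked" for h in hits),
        "infected": len(infected),
        "by_name": Counter(h["name"] for h in infected),
        "by_location": Counter(classify_location(h["path"]) for h in infected),
        "by_profile": Counter(p for p in map(lambda h: profile_of(h["path"]), infected) if p),
        "live_files": [h["path"] for h in infected if classify_location(h["path"]) == "on disk"],
    }


if __name__ == "__main__":
    summary = summarise(SAMPLE_REPORT)
    for key, value in summary.items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

The three location classes call for different handling: a live file (here C:\regedit.pif) is deleted or quarantined; browser-cache copies are the downloaded droppers and go with the temp-file cleanup; hits inside System Volume Information are restore-point snapshots that cannot be removed with Explorer and are flushed by clearing System Restore. The per-profile count is worth a look too: detections cached under the LocalService profile rather than the logged-in user's mean the download happened under that service account, which points at a service rather than at something the user clicked.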

#13
Stickly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
wow...wasn't expecting all this!...here's the scan results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, September 02, 2006 7:19:18 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/09/2006
Kaspersky Anti-Virus database records: 207417
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 68488
Number of viruses found: 7
Number of infected objects: 69 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:02:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\BOPDATA\_Date-20060902_Time-180113250_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\BOPDATA\_Date-20060902_Time-180113250_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\mcafee.com personal firewall\data\IpRules.xdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\14a5356b5487f18b54a4098a401af7be_1ab5799e-c68b-4c62-828f-2e5a649ae229 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\20759b1c28e218581a8e53360dce9250_1ab5799e-c68b-4c62-828f-2e5a649ae229 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2c71d6d1f6fa2674e479470a98db9aa1_1ab5799e-c68b-4c62-828f-2e5a649ae229 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\904693873b2a91efaaeb04730c817b1c_1ab5799e-c68b-4c62-828f-2e5a649ae229 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e79996db7d68fc8f053b57fe340ab317_1ab5799e-c68b-4c62-828f-2e5a649ae229 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\cert8.db Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\history.dat Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\key3.db Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\parent.lock Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Desktop\hijackthis\backups\backup-20060901-170927-491.dll Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\Temp\sqlite_Qmdzde8aEgo3oKG Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\Temp\sqlite_rFdImjrul38N6ub Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\Temp\sqlite_TvtiTSEh67VQHUX Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\EricTheDerek_2\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CPYZCP2B\d209[1].exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CPYZCP2B\d212[1].exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S56FW1M7\d212[1].exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S56FW1M7\venus[1].tar Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WPIJ0TMZ\d220[1].exe Infected: Backdoor.Win32.HacDef.fv skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WPIJ0TMZ\media64[1].zip Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\regedit.pif Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP112\A0049367.exe Object is locked skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP112\A0049368.exe Object is locked skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP112\A0049369.exe Object is locked skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP113\A0049517.com Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP130\A0059737.pif Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP139\A0062103.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP139\A0062395.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP139\A0062434.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062488.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062519.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062557.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062615.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062638.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062736.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062771.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062782.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062823.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062825.sys Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062849.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062925.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062968.exe Infected: Trojan-Proxy.Win32.Bobax.t skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062970.exe Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP140\A0062972.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP141\A0063058.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP141\A0063088.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP144\A0063113.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP144\A0063143.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP144\A0063179.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP144\A0063208.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP144\A0063231.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP144\A0063253.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP144\A0063285.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP144\A0063324.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP145\A0063434.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP145\A0063460.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP145\A0063482.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP145\A0063511.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP145\A0063752.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP145\A0064740.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP145\A0064780.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP146\A0064825.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP146\A0064883.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP146\A0064914.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP146\A0064950.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP151\A0065294.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP151\A0065315.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP151\A0065324.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP152\A0065444.com Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP152\A0065465.com Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP152\A0065475.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP152\A0065597.com Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065653.exe Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065683.com Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065689.com Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065778.sys Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065840.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065845.com Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065846.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065847.com Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065848.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065849.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065851.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065905.exe Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP153\A0065906.exe Infected: Backdoor.Win32.HacDef.fv skipped
C:\System Volume Information\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\RP154\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\tasksch.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thanks...
Stickly
  • 0

#14
Guest_Falu_*
  • Guest
Hi Stickly, :whistling:

wow...wasn't expecting all this!...


The most important thing is that it demonstrates that you're almost clean and ready to go.

Hidden files is still disabled so you can view all hidden files. Reboot into Safe mode and look for and delete the following two files:

C:\regedit.pif
C:\WINDOWS\tasksch.exe

Let me know how this went.

Reboot to go back into Normal Mode and go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0
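Falu's reply above reasons from the Kaspersky log that the only live infected files left are C:\regedit.pif and C:\WINDOWS\tasksch.exe, while the long run of hits under System Volume Information are restore-point copies and the "Object is locked" entries are registry hives and logs that were merely in use. As an added example that is not part of the original thread, the Python script below parses lines in the shape of that log (the sample lines are a constructed subset copied from the posted output) and sorts each entry into live file, browser-cache copy, restore-point copy or locked object, so the list that actually needs manual cleaning falls out automatically. The regex and category names are this example's own choices, not Kaspersky's.

```python
"""Triage helper for a Kaspersky Online Scanner style log.

Each line has the form '<path> Infected: <detection> skipped' or
'<path> Object is locked skipped'. Paths contain spaces, so the
verdict is matched from the right-hand end of the line.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: six lines in the shape of the log posted in the thread.
SAMPLE_LOG = """\
C:\\Documents and Settings\\LocalService\\NTUSER.DAT Object is locked skipped
C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files\\Content.IE5\\CPYZCP2B\\d209[1].exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\\regedit.pif Infected: Backdoor.Win32.HacDef.fw skipped
C:\\System Volume Information\\_restore{5C6B35E4-34E1-4441-A332-C289AD8C33EF}\\RP140\\A0062968.exe Infected: Trojan-Proxy.Win32.Bobax.t skipped
C:\\WINDOWS\\tasksch.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\\WINDOWS\\system32\\config\\sam Object is locked skipped

Scan process completed.
"""

# Non-greedy path, then exactly one of the two verdict shapes, anchored at end of line.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<name>\S+)|Object is locked) skipped$"
)

CATEGORIES = ("live", "browser_cache", "restore_point", "locked")


@dataclass
class Finding:
    path: str
    detection: Optional[str]  # None when the scanner could not read the object
    category: str             # one of CATEGORIES


def categorize(path: str, detection: Optional[str]) -> str:
    """Decide how a hit should be handled, based on where the file lives."""
    low = path.lower()
    if detection is None:
        return "locked"  # in-use hives/logs: not a detection at all
    if "\\system volume information\\" in low:
        return "restore_point"  # copy inside a System Restore point
    if "\\temporary internet files\\" in low:
        return "browser_cache"  # cached download, cleared with the cache
    return "live"  # an ordinary file on disk that needs removal


def parse_log(text: str) -> List[Finding]:
    """Turn the raw log text into Finding records, ignoring non-matching lines."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, 'Scan process completed.' and similar
        path, detection = m.group("path"), m.group("name")
        findings.append(Finding(path, detection, categorize(path, detection)))
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group findings by category; every category key is always present."""
    groups: Dict[str, List[Finding]] = {c: [] for c in CATEGORIES}
    for f in findings:
        groups[f.category].append(f)
    return groups


def files_to_remove(text: str) -> List[str]:
    """Paths that are infected and sit outside restore points and the cache."""
    return [f.path for f in parse_log(text) if f.category == "live"]


def family_counts(findings: List[Finding]) -> Counter:
    """How often each detection name occurs, locked objects excluded."""
    return Counter(f.detection for f in findings if f.detection)


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for category, items in triage(found).items():
        print(f"{category}: {len(items)}")
    print("remove manually:", files_to_remove(SAMPLE_LOG))
    print("families:", dict(family_counts(found)))
```

Run against the full log pasted in the thread, the "live" bucket holds exactly the two files Falu names. Restore-point copies are kept apart because they are not reachable as ordinary files, and the locked registry hives and event logs are listed for completeness only; they are in use, not infected.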

#15
Stickly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
alrighty...here's the report:


Incident Status Location

Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\EricTheDerek\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\EricTheDerek_2\Application Data\Mozilla\Firefox\Profiles\ql6yf140.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\EricTheDerek_2\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\EricTheDerek_2\Cookies\[email protected][1].txt
  • 0