Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Ran recommended items still sluggish

Started by PHILLIPV , Jan 24 2007 01:53 PM

  • This topic is locked This topic is locked

#1
PHILLIPV
Posted 24 January 2007 - 01:53 PM

PHILLIPV

    Member

  • Member
  • PipPip
  • 16 posts
Hello,

I ran the things I was suppost to and I am still having some problems. Here is my scan logs with a vundo fix log. I dont have the panda scan because IE will freezes and it wont let me run the scan with fire fox.

Thanks

Phillip V




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:33:35 PM 1/24/2007

+ Scan result:



C:\Documents and Settings\ALL\My Documents\My Videos\Peer Impact\Setup.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\AntivirusGolden.url -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06182006-125326.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06182006-161350.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06192006-123807.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06192006-124434.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06192006-133512.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06192006-133922.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06192006-231049.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06192006-231933.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06192006-232515.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06202006-082005.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06202006-142920.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06202006-155253.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06202006-162325.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06202006-162946.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06202006-163252.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\Logs\scan_log_06202006-163724.html -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\db.dat -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\generalConfig.xml -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\ignored.lst -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\monitorConfig.xml -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\scannerConfig.xml -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
C:\Program Files\AntivirusGolden\usageStats.xml -> Adware.AntiVirusGolden : Cleaned with backup (quarantined).
HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Error during cleaning.
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Error during cleaning.
HKLM\SOFTWARE\YourSiteBar\Historystring -> Adware.ISTBar : Error during cleaning.
C:\WINDOWS\SYSTEM32\alsawspi.dll -> Logger.Agent.ps : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\hsbcsncy.dll -> Logger.Agent.ps : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\thplkkoy.dll -> Logger.Agent.ps : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\txnpioro.dll -> Logger.Agent.ps : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\vfgxamlp.dll -> Logger.Agent.ps : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wejroqru.dll -> Logger.Agent.ps : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\xolucghy.dll -> Logger.Agent.ps : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.87:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.125:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.121:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.69:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.72:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.73:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.74:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.75:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.70:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.71:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.115:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.59:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.65:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.124:C:\Documents and Settings\ALL\Application Data\Mozilla\Firefox\Profiles\44ci5dgv.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.


::Report end







UPERAntiSpyware Scan Log
Generated 01/24/2007 at 01:45 PM

Application Version : 3.5.1016

Core Rules Database Version : 3171
Trace Rules Database Version: 1181

Scan type : Custom Scan
Total Scan Time : 01:05:05

Memory items scanned : 467
Memory threats detected : 4
Registry items scanned : 5599
Registry threats detected : 209
File items scanned : 79276
File threats detected : 21

Trojan.Downloader-PATDUM
C:\WINDOWS\CURSORS\EKYOFNT.DLL
C:\WINDOWS\CURSORS\EKYOFNT.DLL
HKLM\Software\Classes\CLSID\{43AACA1E-47EA-4E3A-AAE2-5A310A3562F1}
HKCR\CLSID\{43AACA1E-47EA-4E3A-AAE2-5A310A3562F1}
HKCR\CLSID\{43AACA1E-47EA-4E3A-AAE2-5A310A3562F1}\InprocServer32
HKCR\CLSID\{43AACA1E-47EA-4E3A-AAE2-5A310A3562F1}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43AACA1E-47EA-4E3A-AAE2-5A310A3562F1}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ekyofnt

Trojan.Downloader-Quake11
C:\WINDOWS\SYSTEM32\OCJDINYF.DLL
C:\WINDOWS\SYSTEM32\OCJDINYF.DLL

Trojan.Virtumonde/Resident
C:\WINDOWS\SYSTEM32\KTKCUKKG.DLL
C:\WINDOWS\SYSTEM32\KTKCUKKG.DLL

Adware.MyWebSearch
C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\Programmable
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE

Unclassified.Unknown Origin
HKCR\CLSID\{1DAEFCB9-06C8-47C6-8F20-3FB54B244DAA}
HKCR\CLSID\{1DAEFCB9-06C8-47C6-8F20-3FB54B244DAA}\InprocServer32
HKCR\CLSID\{1DAEFCB9-06C8-47C6-8F20-3FB54B244DAA}\InprocServer32#ThreadingModel
HKCR\CLSID\{7DA39570-5FD2-4F18-94B4-20730CB3F727}
HKCR\CLSID\{7DA39570-5FD2-4F18-94B4-20730CB3F727}\InprocServer32
HKCR\CLSID\{7DA39570-5FD2-4F18-94B4-20730CB3F727}\InprocServer32#ThreadingModel

Adware.MovieLand/MediaPipe
C:\Program Files\moviepass Terms.html

Adware.180solutions/Search Assistant
HKCR\LMgr180.WMDRMAx
HKCR\LMgr180.WMDRMAx\CLSID
HKCR\LMgr180.WMDRMAx\CurVer
HKCR\LMgr180.WMDRMAx.1
HKCR\LMgr180.WMDRMAx.1\CLSID
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib#Version
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib#Version
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll [  ]

Adware.180solutions/ZangoSearch
HKCR\ClientAX.ZangoClientAX
HKCR\ClientAX.ZangoClientAX\CLSID
HKCR\ClientAX.ZangoClientAX\CurVer
HKCR\ClientAX.ZangoClientAX.1
HKCR\ClientAX.ZangoClientAX.1\CLSID
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Control
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32#ThreadingModel
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus\1
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ProgID
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Programmable
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ToolboxBitmap32
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\TypeLib
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Version
HKCR\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\VersionIndependentProgID
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32#ThreadingModel
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\ProgID
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\Programmable
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\TypeLib
HKCR\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\VersionIndependentProgID
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Control
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32#ThreadingModel
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus\1
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ProgID
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Programmable
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ToolboxBitmap32
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Version
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\VersionIndependentProgID
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Control
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32#ThreadingModel
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus\1
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ProgID
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Programmable
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ToolboxBitmap32
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\TypeLib
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Version
HKCR\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\VersionIndependentProgID
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0\win32
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\FLAGS
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\HELPDIR
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0\0
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0\0\win32
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0\FLAGS
HKCR\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0\HELPDIR
HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}
HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid
HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid32
HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib
HKCR\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib#Version
HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}
HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid
HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid32
HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib
HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib#Version
HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}
HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid
HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid32
HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib
HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib#Version
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid32
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib
HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib#Version
HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}
HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid
HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid32
HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib
HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib#Version

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID

Adware.IST/YourSiteBar
HKLM\Software\YourSiteBar
HKLM\Software\YourSiteBar#installTitle
HKLM\Software\YourSiteBar\Historyfiles
HKLM\Software\YourSiteBar\Historyfiles#C:\Program Files\YourSiteBar\yoursitebar.xml
HKLM\Software\YourSiteBar\Historyfiles#C:\Program Files\YourSiteBar\imagemap_normal.bmp
HKLM\Software\YourSiteBar\Historyfiles#C:\Program Files\YourSiteBar\imagemap_over.bmp
HKLM\Software\YourSiteBar\Historyfiles#C:\Program Files\YourSiteBar\version.txt
HKLM\Software\YourSiteBar\Historystring

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Adware.180solutions/Seekmo
HKCR\seekmohook.SABHO
HKCR\seekmohook.SABHO\CLSID
HKCR\seekmohook.SABHO\CurVer
HKCR\seekmohook.SABHO.1
HKCR\seekmohook.SABHO.1\CLSID
HKCR\SeekmoToolbar.SeekmoToolband
HKCR\SeekmoToolbar.SeekmoToolband\CLSID
HKCR\SeekmoToolbar.SeekmoToolband\CurVer
HKCR\SeekmoToolbar.SeekmoToolband.1
HKCR\SeekmoToolbar.SeekmoToolband.1\CLSID
HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}
HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}#AppID
HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\InprocServer32
HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\InprocServer32#ThreadingModel
HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\ProgID
HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\Programmable
HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\TypeLib
HKCR\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}\VersionIndependentProgID
HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}
HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}\1.0
HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}\1.0\0
HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}\1.0\0\win32
HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}\1.0\FLAGS
HKCR\TypeLib\{B3A2ECDA-1487-4E7B-815E-D91E43AC79DC}\1.0\HELPDIR
HKCR\Interface\{AA06DE54-7B8A-4366-9209-D1FA2FD5E680}
HKCR\Interface\{AA06DE54-7B8A-4366-9209-D1FA2FD5E680}\ProxyStubClsid
HKCR\Interface\{AA06DE54-7B8A-4366-9209-D1FA2FD5E680}\ProxyStubClsid32
HKCR\Interface\{AA06DE54-7B8A-4366-9209-D1FA2FD5E680}\TypeLib
HKCR\Interface\{AA06DE54-7B8A-4366-9209-D1FA2FD5E680}\TypeLib#Version
HKCR\AppId\SeekmoTB.DLL
HKCR\AppId\SeekmoTB.DLL#AppID
HKCR\AppId\{21B8997E-251A-412C-A805-B0A4F791B03E}
HKU\S-1-5-21-2681504818-2928367816-3752255958-1011\Software\seekmo
HKLM\Software\seekmo
HKLM\Software\seekmo#umt
HKLM\Software\seekmo#duid
HKLM\Software\seekmo#partner_id
HKLM\Software\seekmo#product_id
HKLM\Software\seekmo#cvf
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekmo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekmo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekmo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekmo#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar#UninstallString
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{53E0B6E8-A51D-448B-B692-40B67B285543} [ Seekmo Toolbar ]
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo Search Assistant\Seekmo Customer Support.url
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo Search Assistant\Seekmo.com.url
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo Search Assistant\Uninstall Seekmo Instructions.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo Search Assistant

Adware.VSToolbar
HKCR\CLSID\{821F87FF-8245-4972-9E28-732E92EC2F51}
HKCR\CLSID\{821F87FF-8245-4972-9E28-732E92EC2F51}\InProcServer32
HKCR\CLSID\{821F87FF-8245-4972-9E28-732E92EC2F51}\InProcServer32#ThreadingModel
HKU\S-1-5-21-2681504818-2928367816-3752255958-1011\Software\Search Toolbar Corp
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{821F87FF-8245-4972-9E28-732E92EC2F51}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{821F87FF-8245-4972-9E28-732E92EC2F51}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{821F87FF-8245-4972-9E28-732E92EC2F51}#UninstallString
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{821F87FF-8245-4972-9E28-732E92EC2F51}
C:\Documents and Settings\ALL\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and Settings\ALL\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and Settings\ALL\Application Data\SearchToolbarCorp\Toolbar Vision
C:\Documents and Settings\ALL\Application Data\SearchToolbarCorp

Trojan.Media-Codec
C:\DOCUMENTS AND SETTINGS\ALL\RECENT\X PASSWORD MANAGER.URL

Trojan.Downloader-SpyTool
C:\WINDOWS\SYSTEM32\CNKELVBY.DLL
C:\WINDOWS\SYSTEM32\RVCPBGTX.DLL
C:\WINDOWS\SYSTEM32\SAFBWCWA.DLL








undoFix V6.3.2

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.8

Scan started at 2:32:56 PM 1/24/2007

Listing files found while scanning....

C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\SYSTEM32\amekeoxf.exe
C:\WINDOWS\SYSTEM32\egyooqeo.exe
C:\WINDOWS\SYSTEM32\gxxbjuln.exe
C:\WINDOWS\SYSTEM32\pwkolerx.exe
C:\WINDOWS\SYSTEM32\yjpwjwtk.exe

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\amekeoxf.exe
C:\WINDOWS\SYSTEM32\amekeoxf.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\egyooqeo.exe
C:\WINDOWS\SYSTEM32\egyooqeo.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\gxxbjuln.exe
C:\WINDOWS\SYSTEM32\gxxbjuln.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pwkolerx.exe
C:\WINDOWS\SYSTEM32\pwkolerx.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yjpwjwtk.exe
C:\WINDOWS\SYSTEM32\yjpwjwtk.exe Has been deleted!

Performing Repairs to the registry.
Done!







Logfile of HijackThis v1.99.1
Scan saved at 2:41:36 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ALL\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm035KBUS
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfr..._instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements

#2
Daemon
Posted 24 January 2007 - 02:15 PM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Do this scan for me. Click here to download SmitfraudFix (by S!Ri). Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.

Please do not run any other options until you are asked to do so.
  • 0

#3
PHILLIPV
Posted 24 January 2007 - 02:45 PM

PHILLIPV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I downloaded and extracted but when i click on smitfraudfix.cmd it comes up with a a blank command screen C:\WINDOWS\system32\cmd.exe

Edited by PHILLIPV, 24 January 2007 - 02:57 PM.

  • 0

#4
Daemon
Posted 24 January 2007 - 02:59 PM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Hmmm...not sure why it's doing that. Try another scan for me:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • 0

#5
PHILLIPV
Posted 24 January 2007 - 03:07 PM

PHILLIPV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
"ALL" - 07-01-24 16:03:38 Service Pack 2
ComboFix 07-01-24.2 - Running from: "C:\Documents and Settings\ALL\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll


((((((((((((((((((((((((((((((( Files Created from 2006-12-24 to 2007-01-24 ))))))))))))))))))))))))))))))))))


2007-01-24 15:39 2,416 --a------ C:\DOCUME~1\ALL\GetPaths.vbs
2007-01-24 15:19 <DIR> d-------- C:\Program Files\Norton SystemWorks
2007-01-24 15:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-01-24 14:32 <DIR> d-------- C:\VundoFix Backups
2007-01-24 14:24 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2007-01-24 14:24 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-01-24 13:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-01-24 12:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-24 12:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
2007-01-24 12:37 <DIR> d-------- C:\DOCUME~1\ALL\Application Data\SUPERAntiSpyware.com
2007-01-10 03:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-07 01:40 <DIR> d-------- C:\DOCUME~1\ALL\Application Data\IrfanView
2007-01-05 15:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo!
2007-01-03 21:14 <DIR> d-------- C:\DOCUME~1\ALL\Shared
2007-01-03 21:14 <DIR> d-------- C:\DOCUME~1\ALL\Incomplete
2007-01-03 21:02 <DIR> d-------- C:\Program Files\LimeWire
2006-12-27 23:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\AGEIA
2006-12-27 23:19 <DIR> d-------- C:\Program Files\AGEIA Technologies
2006-12-27 10:05 <DIR> d-------- C:\Program Files\Hasbro Interactive
2006-12-27 10:04 <DIR> d-------- C:\DOCUME~1\ALL\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-24 15:36 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-24 15:33 -------- d---s---- C:\DOCUME~1\ALL\Application Data\microsoft
2007-01-24 15:29 -------- d-------- C:\DOCUME~1\ALL\Application Data\symantec
2007-01-24 15:22 -------- d-------- C:\Program Files\google
2007-01-24 15:19 48824 --a------ C:\WINDOWS\SYSTEM32\s32evnt1.dll
2007-01-24 15:19 109744 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2007-01-24 15:19 -------- d-------- C:\Program Files\symantec
2007-01-24 15:14 -------- d-------- C:\Program Files\grisoft
2007-01-24 15:10 -------- d-------- C:\Program Files\msn messenger
2007-01-24 15:10 -------- d-------- C:\Program Files\irfanview
2007-01-24 15:02 -------- d-------- C:\Program Files\mozilla firefox
2007-01-24 14:29 -------- d-------- C:\Program Files\yahoo!
2007-01-24 14:15 -------- d-------- C:\Program Files\messenger
2007-01-24 12:36 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-24 11:48 -------- d-------- C:\DOCUME~1\ALL\Application Data\aim
2007-01-24 11:47 -------- d-------- C:\Program Files\Common Files\aolshare
2007-01-24 11:47 -------- d-------- C:\Program Files\Common Files\aol
2007-01-23 20:36 -------- d-------- C:\Program Files\yahoo! games
2007-01-21 15:18 -------- d-------- C:\Program Files\norton internet security
2007-01-21 15:12 -------- d-------- C:\Program Files\smiley arcade
2007-01-03 21:04 -------- d-------- C:\Program Files\java
2006-12-28 22:07 -------- d-------- C:\Program Files\america's army
2006-12-27 22:49 -------- d--h----- C:\Program Files\installshield installation information
2006-12-26 22:36 -------- d-------- C:\Program Files\ea games
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-10-02 01:57 106 --a------ C:\Program Files\piconfig.lx


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk"
"backup"="C:\\WINDOWS\\pss\\QuickBooks Update Agent.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Intuit\\QUICKB~1\\QBUpdate\\qbupdate.exe "
"item"="QuickBooks Update Agent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ALL^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\ALL\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kgsystray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Kuma_tray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Kuma Games\\kgsystray\\Kuma_tray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mimboot"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 7.0\\Monitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=dword:00000002
"SAVScan"=dword:00000003
"navapsvc"=dword:00000002
"LiveUpdate"=dword:00000003
"ISSVC"=dword:00000002
"IDriverT"=dword:00000003
"CLTNetCnService"=dword:00000002
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
"Automatic LiveUpdate Scheduler"=dword:00000002
"Ati HotKey Poller"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Phillip.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-24 16:06:00
  • 0

#6
Daemon
Posted 24 January 2007 - 03:15 PM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Good. Has your Norton licence expired? - you shouldn't run two resident AVs.

Do one more scan for me. Please download AVG Anti-Rootkit Beta from here and save it to your desktop.

Double click the file to install it. Accept the licence and follow the prompts to install and reboot. After rebooting, you should see the icon for AVG Anti-Rootkit Beta on your desktop. Double click it to open the program. You will see a window with 4 buttons at the bottom of it. Click Search For Rootkits and the program will start a scan, you will see the progress bar moving from left to right. When the scan is complete, a small window will open alerting you to the result. If anything was found, click Save Result To File and post that in your reply.

If nothing was found, please click the Perform in-depth Search saving anything found to file as before.
  • 0

#7
PHILLIPV
Posted 24 January 2007 - 03:26 PM

PHILLIPV

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I performed both and nothing came up and my norton license has expired so i was using the other program
  • 0

#8
Daemon
Posted 24 January 2007 - 03:30 PM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
OK good. You need to uninstall Norton - it's not protecting you and having two AVs can cause conflicts. Reboot when done.

Are you able to run the panda scan now.
  • 0

#9
Daemon
Posted 05 February 2007 - 12:18 PM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP