Log reports - Malware affecting internet explorer 6



#1
spindoctagt
New Member
1 posts
I'm having issues with Internet Explorer. Some malware/trojans are affecting Internet Explorer performance. I tried to switch to IE7 but the problem still persists.

These are the logs from my anti-spyware software. Any help will be appreciated.

ComboFix -

"Rajiv Shenoy" - 07-02-14 22:05:43 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Rajiv Shenoy\My Documents\Software Downloads"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\AlxRes070212.exe
C:\WINDOWS\system32\dodolook133.exe
C:\WINDOWS\system32\HTTPDll.dll
C:\WINDOWS\system32\jdsthu1.exe
C:\WINDOWS\system32\jdsthu2.exe
C:\WINDOWS\system32\jdsthu3.exe
C:\WINDOWS\system32\scrsys070212.scr
C:\WINDOWS\system32\scrsys16_070212.scr
C:\WINDOWS\system32\scrsys16_070212.scr
C:\WINDOWS\system32\winsys16_070212.dll
C:\WINDOWS\system32\tubar1250.exe
C:\WINDOWS\system32\wbem\sxald.dll
C:\WINDOWS\system32\jsds3utj.dat
C:\WINDOWS\system32\322B98D6T.EXE
C:\WINDOWS\system32\322B98D6.DLL
C:\WINDOWS\system32\drivers\000042e6.SYS
C:\WINDOWS\system32\000042e6.dat
C:\Documents and Settings\All Users\Templates\temp.exe
C:\Program Files\927up.exe
C:\Program Files\Common Files\System\Update.dat
C:\Program Files\kw_wl_lyric_020.exe
C:\WINDOWS\system32\advport.dll
C:\WINDOWS\system32\BandRes.dll
C:\WINDOWS\system32\cacheur.exe
C:\WINDOWS\system32\cnwin.dll
C:\WINDOWS\system32\d3d1caps.SRG
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\ffpbek.sys
C:\WINDOWS\system32\drivers\MSUSBBUX.sys
C:\WINDOWS\system32\drivers\Reg.exe
C:\WINDOWS\system32\drivers\restore.ini
C:\WINDOWS\system32\dsfhw.dll
C:\WINDOWS\system32\dsssvc.dll
C:\WINDOWS\system32\lylk.dat
C:\WINDOWS\system32\mctet.dll
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\ncxml.dll
C:\WINDOWS\system32\nt.sys
C:\WINDOWS\system32\plugin.ini
C:\WINDOWS\system32\rundll.exe
C:\WINDOWS\system32\scia.dll
C:\WINDOWS\system32\sconfs.exe
C:\WINDOWS\system32\Score.txt
C:\WINDOWS\system32\stdact.ini
C:\WINDOWS\system32\stdup.uni
C:\WINDOWS\system32\wbem\ocmor.dat
C:\WINDOWS\system32\wbem\ocmor.dll
C:\WINDOWS\system32\wbem\sholl32.dll
C:\WINDOWS\system32\winttrs
C:\WINDOWS\system32\WsReource.dll
C:\WINDOWS\AppPatch\AcJava.sdb
C:\WINDOWS\Debug\bmhrt.log
C:\WINDOWS\Help\bredsk.CNT
C:\WINDOWS\Help\starter\help.htm
C:\WINDOWS\Help\WinMail.chm
C:\WINDOWS\inf\1394dbg.inf
C:\WINDOWS\mywinsys.ini
C:\WINDOWS\bar.exe
C:\WINDOWS\system32\drivers\000042e6.SYS
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA
C:\Program Files\Baidu
C:\Program Files\CNNIC
C:\WINDOWS\system32\winup
C:\\WINDOWS\system32\drivers\fhqwsj21.sys
C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\system32\umtcap.dll
C:\Program Files\superutilbar
C:\WINDOWS\webwork
C:\WINDOWS\system32\albus.dat
C:\WINDOWS\system32\albus.dll
C:\WINDOWS\system32\alsmt.exe
C:\WINDOWS\system32\alstd.dat
C:\WINDOWS\system32\Drivers\albus.sys
C:\WINDOWS\system32\std.ini
C:\WINDOWS\system32\stdd.ini
C:\WINDOWS\system32\updadini.ini
C:\WINDOWS\system32\updateSC.exe
C:\WINDOWS\system32\updstdex.ini
C:\WINDOWS\system32\updstdup.ini
C:\~de*.tmp
C:\WINDOWS\system32\4092cfsb.dll
C:\WINDOWS\system32\4419cfsb.dll
C:\WINDOWS\system32\4f21cfsb.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools
C:\WINDOWS\system32\weacx.dll
C:\WINDOWS\system32\drivers\00002ead.SYS
C:\WINDOWS\system32\drivers\Albus.SYS
C:\WINDOWS\system32\drivers\dvtgydl.sys
C:\WINDOWS\system32\dvtgydl.dll
C:\WINDOWS\system32\drivers\ij_iva.sys
C:\WINDOWS\system32\ij_iva.dll
C:\WINDOWS\system32\drivers\rzvnppr.sys
C:\WINDOWS\system32\rzvnppr.dll
C:\WINDOWS\system32\drivers\td_ioz.sys
C:\WINDOWS\system32\td_ioz.dll
C:\WINDOWS\system32\drivers\utnfrwp.sys
C:\WINDOWS\system32\utnfrwp.dll
C:\WINDOWS\system32\bvhz_x.dll
C:\WINDOWS\system32\drivers\bvhz_x.sys
C:\WINDOWS\system32\ij_iva.dll
C:\WINDOWS\system32\drivers\ij_iva.sys
C:\WINDOWS\system32\td_ioz.dll
C:\WINDOWS\system32\drivers\td_ioz.sys
C:\WINDOWS\system32\zhal_d.dll
C:\WINDOWS\system32\drivers\zhal_d.sys
C:\WINDOWS\system32\00002ead.dat
C:\WINDOWS\system32\cryptig.dll
C:\WINDOWS\system32\cryptimg.dll
C:\WINDOWS\system32\drivers\fsb.sys
C:\WINDOWS\system32\drivers\parCLS.sys
C:\WINDOWS\system32\drivers\restore.dll
C:\WINDOWS\system32\ntxml.dll
C:\WINDOWS\system32\PvSec.dll
C:\WINDOWS\system32\stdplay.dll
C:\WINDOWS\system32\stdstub.dll
C:\WINDOWS\system32\stdupnet.dll
C:\WINDOWS\system32\stdvote.dll
C:\WINDOWS\system32\drivers\00002ead.SYS
C:\WINDOWS\system32\STDCACHE
C:\WINDOWS\system32\updadini
C:\WINDOWS\system32\UPDSTDEX
C:\WINDOWS\system32\updstdup


((((((((((((((((((((((((((((((( Files Created from 2007-01-14 to 2007-02-14 ))))))))))))))))))))))))))))))))))


2007-02-14 22:17 42,228 --a------ C:\WINDOWS\system32\jsds3utj.dat
2007-02-14 22:17 42,228 --a------ C:\WINDOWS\system32\431171509418.dat
2007-02-14 22:12 <DIR> d-------- C:\WINDOWS\ERDNT
2007-02-14 22:11 <DIR> d-------- C:\Program Files\Common Files\CPUSH
2007-02-14 20:20 <DIR> d-------- C:\MYHJT
2007-02-14 20:17 42,228 --a------ C:\WINDOWS\system32\431171502222.dat
2007-02-14 18:55 <DIR> d-------- C:\Program Files\wmul
2007-02-14 18:51 42,178 --a------ C:\WINDOWS\system32\431171497035.dat
2007-02-14 18:45 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-14 18:45 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-14 18:45 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-14 18:45 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-14 18:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Webroot
2007-02-14 18:43 <DIR> d-------- C:\Program Files\Webroot
2007-02-14 18:43 <DIR> d-------- C:\DOCUME~1\RAJIVS~1\Application Data\Webroot
2007-02-14 18:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Webroot
2007-02-14 18:05 <DIR> d-------- C:\WINDOWS\WBEM
2007-02-14 18:05 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-02-14 17:58 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-02-14 17:54 20,480 --a------ C:\WINDOWS\system32\normaliz.dll
2007-02-14 17:53 <DIR> d-------- C:\Program Files\[bleep] NFO Viewer
2007-02-14 17:48 <DIR> d-------- C:\Program Files\MUSICMATCH
2007-02-14 17:13 <DIR> d-------- C:\Program Files\Common Files\wmul
2007-02-14 17:02 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-02-14 17:02 116,864 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-02-14 17:00 <DIR> d-------- C:\Program Files\Common Files\Network Associates
2007-02-14 16:58 <DIR> d-------- C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP
2007-02-14 16:45 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-02-14 11:05 1 --a------ C:\WINDOWS\system32\index.dat
2007-02-14 10:24 28,176 --a------ C:\WINDOWS\system32\322B98D6.exe
2007-02-14 08:40 9,327 --a------ C:\WINDOWS\system32\drivers\hidproc.sys
2007-02-14 08:40 87,535 --a------ C:\WINDOWS\system32\1010s.exe
2007-02-14 08:40 50,227 --a------ C:\WINDOWS\system32\1647FC61T.EXE
2007-02-14 08:40 50,227 --a------ C:\WINDOWS\system32\1647FC61.EXE
2007-02-14 08:40 41,984 --a------ C:\WINDOWS\system32\1647FC61.DLL
2007-02-14 08:40 32,578 --a------ C:\lodcvybl.exe
2007-02-14 08:40 171 --a------ C:\WINDOWS\system32\322B98D6.dat
2007-02-14 08:40 153,214 --a------ C:\WINDOWS\system32\ad_1128.exe
2007-02-14 08:40 119,720 --a------ C:\WINDOWS\system32\t21.exe
2007-02-14 08:40 1,869 --a------ C:\voraiau.exe
2007-02-06 23:35 <DIR> d-------- C:\Program Files\Lavasoft
2007-02-06 18:42 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-02-06 18:32 <DIR> d-------- C:\Program Files\Microsoft Works
2007-02-06 18:31 <DIR> d-------- C:\Program Files\MSBuild
2007-02-06 18:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-02-06 18:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Help
2007-02-02 10:22 9,728 --a------ C:\WINDOWS\system32\dczet.dll
2007-01-28 21:25 <DIR> d-------- C:\DOCUME~1\RAJIVS~1\Application Data\dvdcss
2007-01-24 16:14 28,672 --a------ C:\WINDOWS\system32\vaselc.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-14 22:17 12873 --a------ C:\WINDOWS\system32\jdsthu2.exe
2007-02-14 20:54 -------- d-------- C:\Program Files\mozilla firefox
2007-02-14 19:30 -------- d-------- C:\Program Files\tvants
2007-02-14 18:43 -------- d-------- C:\Documents and Settings\Rajiv Shenoy\Application Data\webroot
2007-02-14 18:07 -------- d-------- C:\Program Files\yahoo!
2007-02-14 17:01 -------- d-------- C:\Program Files\google
2007-02-14 17:00 -------- d-------- C:\Program Files\network associates
2007-02-14 16:59 -------- d-------- C:\Program Files\flightgear
2007-02-14 08:40 -------- d-------- C:\Program Files\winamp
2007-02-13 23:09 -------- d-------- C:\Documents and Settings\Rajiv Shenoy\Application Data\.gaim
2007-02-11 00:44 -------- d-------- C:\Documents and Settings\Rajiv Shenoy\Application Data\utorrent
2007-02-08 01:54 -------- d-------- C:\Program Files\quicktime
2007-02-08 01:53 -------- d-------- C:\Program Files\apple software update
2007-02-07 00:03 -------- d---s---- C:\Documents and Settings\Rajiv Shenoy\Application Data\microsoft
2007-01-29 10:01 -------- d-------- C:\Documents and Settings\Rajiv Shenoy\Application Data\ppstream
2007-01-28 21:25 -------- d-------- C:\Documents and Settings\Rajiv Shenoy\Application Data\dvdcss
2007-01-27 10:16 -------- d-------- C:\Program Files\tvuplayer
2007-01-16 21:23 -------- d-------- C:\Program Files\gaim
2007-01-07 12:53 -------- d-------- C:\Program Files\supertoolbar
2007-01-07 09:54 -------- d-------- C:\Program Files\java
2007-01-07 09:54 -------- d-------- C:\Documents and Settings\Rajiv Shenoy\Application Data\google
2007-01-06 19:17 -------- d-------- C:\Program Files\adidas
2007-01-06 19:11 -------- d-------- C:\Program Files\webteh
2007-01-06 19:11 -------- d-------- C:\Documents and Settings\Rajiv Shenoy\Application Data\bsplayer
2007-01-05 17:14 -------- d-------- C:\Program Files\netzero
2007-01-03 17:16 -------- d-------- C:\Documents and Settings\Rajiv Shenoy\Application Data\weatherbug
2006-11-24 20:56 194376 --a------ C:\Documents and Settings\Rajiv Shenoy\Application Data\shb.dat
2006-11-21 08:56 272551 --a------ C:\WINDOWS\system32\tmp.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NetZero_uoltray"="\"C:\\Program Files\\NetZero\\exec.exe\" regrun"
"spc_w"="\"C:\\Program Files\\NZSearch\\nzspc.exe\" -w"
"Weather"="\"C:\\Program Files\\AWS\\WeatherBug\\Weather.exe\" 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"CPushSetup"="\"C:\\WINDOWS\\system32\\regsvr32.exe\" /s \"C:\\Program Files\\Common Files\\CPUSH\\cpush.dll\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rajiv Shenoy^Start Menu^Programs^Startup^adidas.lnk]
"path"="C:\\Documents and Settings\\Rajiv Shenoy\\Start Menu\\Programs\\Startup\\adidas.lnk"
"backup"="C:\\WINDOWS\\pss\\adidas.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\adidas\\main.exe "
"item"="adidas"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttp"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\drivers\\ttp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dfsf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Mvvp"
"hkey"="HKLM"
"command"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system\\Mvvp.dll,DImmcv"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sdafdsafds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="162"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\temp\\162.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UUpdate"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\UUSee\\UUpdate.exe\""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptimg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\fsb
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\vcharp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ws2ifsd

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ENTDRV51


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-14 22:21:01




SDFIX -

SDFix: Version 1.65

Run by: Rajiv Shenoy - Wed 02/14/2007 @ 22:50:29.02

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found..




ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe"="C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe:*:Enabled:SynacastPE"
"C:\\Program Files\\ppStream\\ppStream.exe"="C:\\Program Files\\ppStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\Documents and Settings\\Rajiv Shenoy\\My Documents\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\Rajiv Shenoy\\My Documents\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Program Files\\Gaim\\gaim.exe"="C:\\Program Files\\Gaim\\gaim.exe:*:Enabled:gaim"
"C:\\Program Files\\tvants\\Tvants.exe"="C:\\Program Files\\tvants\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Documents and Settings\\Rajiv Shenoy\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Rajiv Shenoy\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\temp\\sd152.exe"="C:\\WINDOWS\\temp\\sd152.exe:*:Enabled:sd152.exe"
"C:\\Program Files\\UUSee\\UUSeePlayer.exe"="C:\\Program Files\\UUSee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\temp\\162.exe"="C:\\WINDOWS\\temp\\162.exe:*:Enabled:162.exe"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll
C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\WINDOWS\system32\config\system.tmp.LOG




AVG - Anti-Spyware -

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:10:04 PM 2/15/2007

+ Scan result:



C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP185\A0018022.dll -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP201\A0023975.dll -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024515.dll -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024522.dll -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024523.dll -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP201\A0023828.exe -> Adware.Baidu : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024502.dll -> Adware.Baidu : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024503.dll -> Adware.Baidu : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024564.exe -> Adware.Baidu : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015257.sys -> Adware.BDSearch : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015258.sys -> Adware.BDSearch : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015284.dll -> Adware.BDSearch : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015298.sys -> Adware.BDSearch : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP201\A0023827.SYS -> Adware.BDSearch : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024526.SYS -> Adware.BDSearch : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015246.exe -> Adware.BHO : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP184\A0017909.exe -> Adware.BHO : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP184\A0017912.exe -> Adware.BHO : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP201\A0023832.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP201\A0023833.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP201\A0023834.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP201\A0023835.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP201\A0023836.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP201\A0023980.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP201\A0023981.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP204\A0024276.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP204\A0024341.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP204\A0024342.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024548.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024549.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024550.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024551.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024563.dll -> Adware.Boran : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024544.sys -> Adware.Caifu : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015262.dll -> Adware.Cdn : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015265.dll -> Adware.Cdn : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015267.dll -> Adware.Cdn : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015272.dll -> Adware.Cdn : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015288.exe -> Adware.CDN : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015304.exe -> Adware.CDN : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015324.dll -> Adware.Cdn : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024506.dll -> Adware.Cdn : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024507.dll -> Adware.Cdn : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP151\snapshot\MFEX-2.DAT -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP152\snapshot\MFEX-1.DAT -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP153\snapshot\MFEX-1.DAT -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP154\snapshot\MFEX-1.DAT -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015260.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015268.sys -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015270.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015276.exe -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015278.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015280.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015282.exe -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015296.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015300.exe -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015302.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015306.exe -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015322.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP167\A0015323.dll -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024504.exe -> Adware.Cdnup : No action taken.
C:\WINDOWS\system32\wbem\setupcnn.exe -> Adware.Cdnup : No action taken.
C:\System Volume Information\_restore{01BDD282-8D89-4E26-BAB3-25D2B8109FDA}\RP207\A0024454.exe -> Adware.Cinmus : No action taken.
#2
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello and Welcome to Geekstogo!

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\jsds3utj.dat
    C:\WINDOWS\system32\431171509418.dat
    C:\WINDOWS\system32\431171502222.dat
    C:\WINDOWS\system32\431171497035.dat
    C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP
    C:\WINDOWS\system32\322B98D6.exe
    C:\WINDOWS\system32\1010s.exe
    C:\WINDOWS\system32\1647FC61T.EXE
    C:\WINDOWS\system32\1647FC61.EXE
    C:\WINDOWS\system32\1647FC61.DLL
    C:\lodcvybl.exe
    C:\WINDOWS\system32\322B98D6.dat
    C:\WINDOWS\system32\ad_1128.exe
    C:\voraiau.exe
    C:\WINDOWS\system32\jdsthu2.exe
    C:\WINDOWS\system32\tmp.exe
    C:\WINDOWS\system\Mvvp.dll
    C:\WINDOWS\temp\162.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Edited by Tigger93, 16 February 2007 - 11:41 AM.
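Background on the "PendingFileRenameOperations prompt" the instructions mention: Killbox's Delete on Reboot relies on Windows' delayed-move mechanism (the same one MoveFileEx uses with MOVEFILE_DELAY_UNTIL_REBOOT), which queues each path in the registry value of that name for Session Manager to process at the next boot. As an added example (not part of this thread and not Killbox's own code), the Python below decodes that queue from the value's raw bytes and compares the scheduled deletions with the paths you pasted; the sample queue, the function names and the old.tmp/new.tmp rename are constructed for illustration.

```python
r"""Decode the Windows PendingFileRenameOperations queue (added example; not Killbox's code).

Windows records each delayed delete or move in the REG_MULTI_SZ value
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
as pairs of strings: source path, then destination (an empty string means delete).
Session Manager replays the pairs early in the next boot, before anything can lock
the files again. Reading the queue before rebooting confirms the pasted list was
accepted and reveals operations queued by something else, which is what the
PendingFileRenameOperations prompt in the instructions indicates.
"""
from typing import List, Optional, Tuple

NT_PREFIXES = ("\\??\\", "\\\\?\\")   # NT object-manager forms stored in the value

# Constructed sample of the value's raw bytes: two deletes and one rename.
SAMPLE_QUEUE = (
    "\\??\\C:\\WINDOWS\\system32\\tmp.exe\0\0"
    "\\??\\C:\\WINDOWS\\system\\Mvvp.dll\0\0"
    "\\??\\C:\\WINDOWS\\old.tmp\0\\??\\C:\\WINDOWS\\new.tmp\0\0"
).encode("utf-16-le")


def decode_multi_sz(raw: bytes) -> List[str]:
    """Split raw REG_MULTI_SZ bytes (UTF-16-LE, NUL-separated, double-NUL terminated)
    without dropping empty strings; an empty destination is what marks a delete."""
    text = raw.decode("utf-16-le")
    if text.endswith("\0\0"):
        text = text[:-2]          # list terminator
    elif text.endswith("\0"):
        text = text[:-1]          # tolerate a value missing the final terminator
    return text.split("\0") if text else []


def strip_nt_prefix(path: str) -> str:
    for prefix in NT_PREFIXES:
        if path.startswith(prefix):
            return path[len(prefix):]
    return path


def parse_pending_ops(entries: List[str]) -> List[Tuple[str, Optional[str]]]:
    """Pair (source, destination); destination None means the source is deleted."""
    if len(entries) % 2:          # tolerate a truncated list rather than crash
        entries = entries + [""]
    return [
        (strip_nt_prefix(entries[i]),
         strip_nt_prefix(entries[i + 1]) if entries[i + 1] else None)
        for i in range(0, len(entries), 2)
    ]


def audit_queue(entries: List[str], expected: List[str]) -> dict:
    """Compare queued deletions with the paths you pasted into Killbox.
    Windows paths are case-insensitive, so everything is compared lower-cased."""
    queued = {src.lower() for src, dst in parse_pending_ops(entries) if dst is None}
    wanted = {p.lower() for p in expected}
    return {
        "queued": sorted(wanted & queued),        # will be deleted at boot
        "not_queued": sorted(wanted - queued),    # paste failed or path was rejected
        "unexpected": sorted(queued - wanted),    # queued by something else; look into it
    }


if __name__ == "__main__":
    entries = decode_multi_sz(SAMPLE_QUEUE)
    for src, dst in parse_pending_ops(entries):
        print("DELETE" if dst is None else "RENAME", src, "" if dst is None else "-> " + dst)
    print(audit_queue(entries, ["C:\\WINDOWS\\system32\\tmp.exe", "C:\\WINDOWS\\temp\\162.exe"]))
```

On the machine itself, obtain the value's raw bytes with a direct RegQueryValueExW call (for example through ctypes) rather than winreg.QueryValueEx, whose REG_MULTI_SZ decoding stops at the first empty string and would therefore drop every delete's marker and all later pairs.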
