I appreciate this SO VERY MUCH, I paid for the program NoAdware.net and they sent me a diagnostic tool which reads similar, if not the same, and I'd still have over 225 of the infections created by the trojan.W32.Looksky virus if not for this site. I've been waiting 2 days since they sent that, and I just hope they give me my $42 back. They promised to fix this problem, and while their program may be ok for when I start my pc up, I feel cheated.
The infection that it shows that is DANGEROUS is; Ultimate DefendeC:\Documents and settings\Penny\ApDirectory
NON DANGEROUS; tracking cookie, ucleaner
Thank you again, YOU ALL ROCK...
Then when this is over, I have to figure out how to get help with re-creating my "Web, Web1, Web2" file link I used to have for my two websites which after this mess is gone.
TY
Penelopepony
***********************************************************************************
OS : Windows XP Professional Edition Service Pack 2
Build : 5.1.2600
IE Version : 6.0.2900
Diagnostic Tool Ver:2.0
---------------------------------------------------
UniqueID = {B7321E8E6100C8A011658E1752323F41}
Noadware Versions :
Current Def File :
Noadware Version :
Initial Noadware Def File :
-------------------------------------------
-------------------------
Running Processes
1. N/A (security restriction) MD5={Cannot Open file}
2. \SystemRoot\System32\smss.exe MD5={Cannot Open file}
3. \??\C:\WINDOWS\system32\csrss.exe MD5={Cannot Open file}
4. \??\C:\WINDOWS\system32\winlogon.exe MD5={Cannot Open file}
5. C:\WINDOWS\system32\services.exe MD5={C6CE6EEC82F187615D1002BB3BB50ED4}
6. C:\WINDOWS\system32\lsass.exe MD5={84885F9B82F4D55C6146EBF6065D75D2}
7. C:\WINDOWS\system32\svchost.exe MD5={8F078AE4ED187AAABC0A305146DE6716}
8. C:\WINDOWS\system32\svchost.exe MD5={8F078AE4ED187AAABC0A305146DE6716}
9. C:\WINDOWS\System32\svchost.exe MD5={8F078AE4ED187AAABC0A305146DE6716}
10. C:\Program Files\Ahead\InCD\InCDsrv.exe MD5={E9372A17C22FC4E5C9FD8798A97775FC}
11. C:\WINDOWS\system32\svchost.exe MD5={8F078AE4ED187AAABC0A305146DE6716}
12. C:\WINDOWS\Explorer.EXE MD5={A0732187050030AE399B241436565E64}
13. C:\WINDOWS\system32\svchost.exe MD5={8F078AE4ED187AAABC0A305146DE6716}
14. C:\WINDOWS\system32\spoolsv.exe MD5={7435B108B935E42EA92CA94F59C8E717}
15. C:\WINDOWS\system32\CTsvcCDA.EXE MD5={3C8B6609712F4FF78E521F6DCFC4032B}
16. C:\WINDOWS\System32\alg.exe MD5={F1958FBF86D5C004CF19A5951A9514B7}
17. C:\WINDOWS\SYSTEM32\USRmlnkA.exe MD5={3455E6FBF1A7C0E97666B874642C75BE}
18. C:\WINDOWS\SYSTEM32\USRshutA.exe MD5={7315EDC07245CCF9E194F8A34DA061BC}
19. C:\WINDOWS\SYSTEM32\USRmlnkA.exe MD5={3455E6FBF1A7C0E97666B874642C75BE}
20. C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe MD5={B8C105215A4EE0680BD4A4F43622E48F}
21. C:\WINDOWS\system32\Rundll32.exe MD5={DA285490BBD8A1D0CE6623577D5BA1FF}
22. C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe MD5={9C1C80BBF8E6044980890E2D2D91091C}
23. C:\Program Files\Winamp\winampa.exe MD5={F0537722502644B590CC499ECF26FAD1}
24. C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe MD5={8FB740D758B14B1BC950CC347C21E461}
25. C:\Program Files\Ahead\InCD\InCD.exe MD5={CF508A3971DECEEC1CE575DDDCA4A019}
26. C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe MD5={C744293DFBE1A3347FEC5DBFE3FD123E}
27. C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe MD5={E616A6A6E91B0A86F2F6217CDE835FFE}
28. C:\WINDOWS\system32\ctfmon.exe MD5={24232996A38C0B0CF151C2140AE29FC8}
29. C:\Program Files\NoAdware5.0\NoAdware5.exe MD5={86C5E6EFDD561E371317DAF2F79A8C98}
30. C:\Program Files\Messenger\msmsgs.exe MD5={B53343FE60A33EE765C2476D50D27B26}
31. C:\WINDOWS\system32\wuauclt.exe MD5={F3E9065EB617A7E3A832A7976BFA021B}
32. C:\Program Files\Internet Explorer\iexplore.exe MD5={E7484514C0464642BE7B4DC2689354C8}
33. C:\Documents and Settings\Penny\Desktop\diagnostic.exe MD5={D4F28D5A9A777711B7D5A20AF3C57AA1}
-------------------------
End Running Processes
1. Start Page (IE) - http://softwarerefer...=...6Ojg5&lid=2
2. Default Page URL (IE) - http://www.microsoft...p...&ar=msnhome
3. Search Page - http://www.google.com
4. Search Bar - http://www.google.com/ie
5. Customize Search - http://ie.search.msn...st/srchcust.htm
6. Search Assistant - http://www.google.com/ie
7. Default Prefix - http://
8. Prefixes - http://
9. IE Toolbar - {102BAD8B-CD05-46ff-94FF-A2C1ABD5F7D5} = C:\Program Files\Defender Pro\Defender Pro Anti-Scam\mscoree.dll
10. IE Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} = c:\program files\google\googletoolbar3.dll
11. Extra Buttons - (No Name)
12. Extra Buttons - Popup Blocker
13. Extra Buttons - Messenger
14. IE Context Menu - E&xport to Microsoft Excel = res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
15. Hosts File - 127.0.0.1 localhost
16. BHO - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (No Name){761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
17. BHO - c:\program files\google\googletoolbar3.dll (No Name){AA58ED58-01DD-4d91-8333-CF10577473F7}
18. BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (No Name){AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
19. BHO - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll [OsbornTech Popup Blocker]{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
20. Run(HKLM) - USRpdA C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
21. Run(HKLM) - CTSysVol C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
22. Run(HKLM) - P17Helper Rundll32 P17.dll,P17Helper
23. Run(HKLM) - UpdReg C:\WINDOWS\UpdReg.EXE
24. Run(HKLM) - SunJavaUpdateSched "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
25. Run(HKLM) - WinampAgent C:\Program Files\Winamp\winampa.exe
26. Run(HKLM) - RemoteControl "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
27. Run(HKLM) - InCD C:\Program Files\Ahead\InCD\InCD.exe
28. Run(HKLM) - NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
29. Run(HKLM) - 103 "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
30. Run(HKCU) - Creative Detector C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
31. Run(HKCU) - swg C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
32. Run(HKCU) - ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
33. Run(HKCU) - NoAdware5 "C:\Program Files\NoAdware5.0\NoAdware5.exe" :Scan:
34. Run(HKCU) - MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
35. Startup - desktop(2)(2).ini
36. Startup - desktop(2).ini
37. Startup - desktop(3).ini
38. Startup - desktop(4).ini
39. Global Startup - desktop(2)(2).ini
40. Global Startup - desktop(2).ini
41. Global Startup - desktop(3).ini
42. Global Startup - desktop(4).ini
43. Global Startup - Microsoft Office.lnk
44. DPF - {8AD9C840-044E-11D1-B3E9-00805F499D93} - http://java.sun.com/...ows-i586-jc.cab
45. DPF - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - http://java.sun.com/...indows-i586.cab
46. DPF - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - http://java.sun.com/...indows-i586.cab
47. DPF - {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload.ma...ash/swflash.cab
48. Trusted Zones - msn.com
49. System Services - DcomLaunch = %SystemRoot%\system32\svchost -k DcomLaunch
50. System Services - FETND5BV = system32\DRIVERS\fetnd5bv.sys
51. System Services - gusvc = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
52. System Services - InCDPass = System32\DRIVERS\InCDPass.sys
53. System Services - InCDsrv = C:\Program Files\Ahead\InCD\InCDsrv.exe
54. System Services - P17 = system32\drivers\P17.sys
55. System Services - USRpdA = system32\DRIVERS\USRpdA.sys
56. System Services - vmm = \??\C:\WINDOWS\system32\Drivers\vmm.sys
57. System Services - VPCNetS2 = system32\DRIVERS\VMNetSrv.sys
58. System Services - wscsvc = %SystemRoot%\System32\svchost.exe -k netsvcs
59. System Services - xmlprov = %SystemRoot%\System32\svchost.exe -k netsvcs
-------------------------
Installed LSPs
**No Unknown LSPs Found**
LSPs Finished
-----------------------------
-------------------------
Policies
Key Name : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,Value = NoDriveTypeAutoRun, ValueData = 145
Key Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum,Value = {BDEADF00-C265-11D0-BCED-00A0C90AB50F}, ValueData = 1
Key Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum,Value = {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}, ValueData = 1073741857
Key Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum,Value = {0DF44EAA-FF21-4412-828E-260A8728E7F1}, ValueData = 32
Key Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system,Value = shutdownwithoutlogon, ValueData = 1
Key Name : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system,Value = undockwithoutlogon, ValueData = 1
-------------------------
End Policies
These Files can be uploaded
------------------------------------------
1. c:\program files\google\googletoolbar3.dll MD5(6319F2D4708DBCAE37CFA03DA10782C0)
2. C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll MD5(70FD57D6EDBED8D80C1995257C99D27E)
3. c:\program files\google\googletoolbar3.dll MD5(6319F2D4708DBCAE37CFA03DA10782C0)
4. C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll MD5(1DC47CA76A0FFEAA25B45DE5706F2115)
5. C:\WINDOWS\SYSTEM32\USRmlnkA.exe MD5(3455E6FBF1A7C0E97666B874642C75BE)
6. C:\WINDOWS\UpdReg.EXE MD5(C419DF63E0121D72411285780C2FC6CC)
7. C:\Program Files\Winamp\winampa.exe MD5(F0537722502644B590CC499ECF26FAD1)
8. C:\Program Files\Ahead\InCD\InCD.exe MD5(CF508A3971DECEEC1CE575DDDCA4A019)
9. C:\WINDOWS\system32\NeroCheck.exe MD5(3E4C03CEFAD8DE135263236B61A49C90)
10. C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe MD5(E616A6A6E91B0A86F2F6217CDE835FFE)
11. C:\WINDOWS\system32\ctfmon.exe MD5(24232996A38C0B0CF151C2140AE29FC8)