Spam sent by trojan from my computer [RESOLVED]


#16 porcupine (Topic Starter, Member, 36 posts)
Hi loophole,

It looks like the only thing we got rid of was TV Media. I hope we got rid of it for good. I've tried a couple times to get rid of it, but it comes back. Here are the scan results.

;*******************************************************************************
ANALYSIS: 2008-07-07 15:10:17
PROTECTIONS: 1
MALWARE: 9
SUSPECTS: 3
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG 7.5.524 7.5.524 No Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00018457 adware/purityscan Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B7D753B-1981-4bd2-91F3-6D055EE113A0}
00035917 adware/ist.sidefind Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sidefind
00048242 adware/404search Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5B2F29-1F46-4639-A6B4-828942301D3E}
00110908 adware/localnrd Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD}
00122029 Dialer.OK Dialers No 0 Yes No C:\!KillBox\internazionale_ver3.INF
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\USER\Cookies\[email protected][2].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\USER\Cookies\[email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\USER\Cookies\[email protected][1].txt
00194009 Dialer.BVG Dialers No 0 Yes No C:\!KillBox\VoiceCall.exe
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
Yes C:\Deckard\System Scanner\20080704204033\BACKUP\DOCUME~1\USER\LOCALS~1\Temp\NSY46.TMP\NS47.TMP
Yes C:\Deckard\System Scanner\20080704204033\BACKUP\DOCUME~1\USER\LOCALS~1\Temp\nso3B.tmp\ns3F.tmp
Yes C:\Deckard\System Scanner\20080704204033\BACKUP\DOCUME~1\USER\LOCALS~1\Temp\NSQ43.TMP\NS44.TMP
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
120815 HIGH MS06-022
;===============================================================================


Where do we go from here?

#17 loophole (Malware Expert, Retired Staff, 9,798 posts)
Hi again :)

Those are just leftovers and aren't doing anything. Let's remove them.

Open notepad and copy/paste the text in RED below into it:

@echo off
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B7D753B-1981-4bd2-91F3-6D055EE113A0}" /f
reg delete "hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sidefind" /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}" /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5B2F29-1F46-4639-A6B4-828942301D3E}" /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD}" /f
attrib -s -r -h "C:\Program Files\C:\!KillBox\*.*"
rd /q /s "C:\Program Files\C:\!KillBox"


Save this as fix.bat, and save it to your desktop

Next double click it and let it run it will only take a second

The others are tracking cookies which are a normal part of using the internet:

Clearing cookies and temporary internet files IE7
  • Click on Tools
  • Click on "internet options"
  • Under "Browsing history" Click "Delete"
  • Click the "Delete all" button
*note* This will delete your saved passwords if you have Internet Explorer save them. It's never a good idea to do this because malware can easily read from this and send the data off.


Is everything running OK?
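
Added example, not from the thread and not part of Panda's own software: a small Python parser for the MALWARE table of the ActiveScan report posted above. It reads the Active column that loophole's reply rests on (every row in this report is Active = No, i.e. a leftover rather than a running infection) and sorts the locations into registry keys, which is what the reg delete lines in the batch file target, and files, where the parent folder C:\!KillBox is what actually has to go. The sample rows are a constructed excerpt of the posted report, with the cookie file name replaced by a placeholder.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the MALWARE table from the Panda ActiveScan report above.
# The cookie file name is a placeholder; the other rows copy the posted ones.
SAMPLE_REPORT = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00018457 adware/purityscan Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B7D753B-1981-4bd2-91F3-6D055EE113A0}
00035917 adware/ist.sidefind Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sidefind
00122029 Dialer.OK Dialers No 0 Yes No C:\!KillBox\internazionale_ver3.INF
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\USER\Cookies\user@example[2].txt
00194009 Dialer.BVG Dialers No 0 Yes No C:\!KillBox\VoiceCall.exe
"""

# One data row: seven single-token columns, then a Location that may contain spaces.
ROW_RE = re.compile(
    r"^(?P<id>\d+)\s+(?P<desc>\S+)\s+(?P<kind>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)


@dataclass
class Finding:
    panda_id: str
    description: str
    kind: str
    active: bool
    severity: int
    location: str

    @property
    def is_registry(self) -> bool:
        # Panda prints registry locations with the hive name in either case
        return self.location.upper().startswith("HKEY_")


def parse_malware_table(text: str) -> list:
    """Return one Finding per data row; headers, separators and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        findings.append(Finding(
            panda_id=m["id"], description=m["desc"], kind=m["kind"],
            active=(m["active"] == "Yes"), severity=int(m["severity"]),
            location=m["location"].strip(),
        ))
    return findings


def active_findings(findings: list) -> list:
    """Rows Panda saw running or loaded; an empty result is what 'just leftovers' means."""
    return [f for f in findings if f.active]


def remediation_plan(findings: list) -> dict:
    """Group leftovers by what removes them: reg delete for keys, the parent folder for files.
    Tracking cookies are listed separately; they go with the browser history, not with malware."""
    registry, folders, cookies = [], set(), []
    for f in findings:
        if f.kind == "TrackingCookie":
            cookies.append(f.location)
        elif f.is_registry:
            registry.append(f'reg delete "{f.location}" /f')
        else:
            folders.add(f.location.rsplit("\\", 1)[0])
    return {"registry": registry, "folders": sorted(folders), "cookies": cookies}


if __name__ == "__main__":
    found = parse_malware_table(SAMPLE_REPORT)
    print(f"{len(found)} findings, {len(active_findings(found))} active")
    for section, items in remediation_plan(found).items():
        print(section)
        for item in items:
            print("   ", item)
```

Run it as a script to see the plan; the folders list comes out as just C:\!KillBox, which is the directory the two Dialer entries live in.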

#18 porcupine (Topic Starter, Member, 36 posts)
I'll do what you suggested soon.

I'm mostly concerned about MS06-022, which the Panda scan describes as a vulnerability. It lists the risk as high.

BTW, before I contacted you, I went to the Microsoft site and tried to download and use a fix. My operating system is in Hebrew (different writing system). I got an error message that said KB918439 Setup Error: Setup cannot update your windows XP files because the language installed on your system is different from update language.

So is MS06-022 a leftover or should I be worried about it?

Also, a week ago I ran a Norton online scan. The virus scan ran without a problem, but the trojan/malware scan wouldn't run. I tried it again today and it still wouldn't run, which worries me. What do you think?

Bye for now.

#19 porcupine (Topic Starter, Member, 36 posts)
Hi loophole,

I did what you suggested. If I run another panda scan, what results should I expect?

All along my computer was running OK, maybe a bit more slowly than I'd like. It's possible that I just need to upgrade; not sure that's related.

Thanks

#20 loophole (Malware Expert, Retired Staff, 9,798 posts)

"If I run another panda scan, what results should I expect?"

Nothing

"So is MS06-022 a leftover or should I be worried about it?"

I missed that :) try to install it by downloading it here

I honestly can't comment on the

"Setup cannot update your windows XP files because the language installed on your system is different from update language."

I don't see why it wouldn't work with this update but does with the others


Let's see if we can do a little tweaking with your speed.

I see you have Deckard's System Scanner (DSS).

  • Click on Start, click on Run
  • Copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All
  • Click Scan
  • DSS will now run again; when finished, please post back both logs that open in Notepad, main.txt and extra.txt

#21 porcupine (Topic Starter, Member, 36 posts)
I went to the Microsoft page you directed me to. When I clicked the Download button, I was directed to this page http://www.microsoft...;displayLang=en
It says thank you for downloading, but no dialogue box opened up. I tried it through the Hebrew site but got the same results, but then I noticed there was a button to click if the download didn't start. I clicked it and selected Run. I got the following error message (I'm translating): "You don't have permission to update Windows XP. Go to your system manager." I'm not on a network. There aren't any other users on the computer.
I went back to the English site. There is the same button if it doesn't start downloading. Got the error message about the language. :)

In the meantime, I ran a Panda scan just for fun. All I have left is Dialer.BVG and Dialer.OK, plus MS06-022.
What can I do now to get rid of MS06-022?

I pasted "%userprofile%\desktop\dss.exe" /config in Run and got an error message. I tried replacing the word desktop with the hebrew translation of desktop, but it didn't like that either.

Sorry :)

Signed, queen of the error messages

#22 porcupine (Topic Starter, Member, 36 posts)
Success!!!

When I downloaded the Hebrew version, I clicked Run. When I tried the English version, I saved it. Each one gave me a different error message. I decided to save the Hebrew version and that did the trick! I'm going to do yet another Panda scan and see if I really got rid of it. I'll post the results. What should I do about DSS?

BTW, I just want to thank you for taking the time to help me. I've had internet for 12 years and I still can't get over the idea of being in touch with someone on the other side of the world. It's amazing that someone like you is helping people. Just wanted you to know that it's appreciated.

#23 loophole (Malware Expert, Retired Staff, 9,798 posts)
I made a slight error in my batch file; just delete this folder, C:\!Killbox, and that will get rid of Dialer.BVG and Dialer.OK.

"BTW, I just want to thank you for taking the time to help me"

You're very welcome.

Is DSS.exe on your desktop?

#24 porcupine (Topic Starter, Member, 36 posts)
Yes, DSS is on my desktop.

#25 loophole (Malware Expert, Retired Staff, 9,798 posts)
Strange. OK, delete this folder: C:\Deckard

Then double-click DSS.exe and post the two logs, please.

#26 porcupine (Topic Starter, Member, 36 posts)
Deleted C:\Deckard and double clicked on DSS. Got same result. Should I delete DSS and download it again?

#27 loophole (Malware Expert, Retired Staff, 9,798 posts)
Yes, just delete the one off your desktop and download a new one here: Deckard's System Scanner (DSS)

#28 porcupine (Topic Starter, Member, 36 posts)
I deleted DSS and downloaded it again, saving it to my download folder (not desktop). When I double-clicked on it, the scan started running automatically, like before. No options to choose from. How is DSS connected to HijackThis? The DSS scan says HijackThis scan when I run it. I also have a separate version of HijackThis on my desktop. At any rate, if it helps you, here are the results of the last DSS scan.


Deckard's System Scanner v20071014.68
Run by user on 2008-07-07 19:31:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:55 PM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOWNLOADS\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwe...er/dbplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.n...E_5.3.0.228.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.a.../ICSScanner.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 8300 bytes

-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-07 14:19:50 0 d-------- C:\WINDOWS\LastGood
2008-07-05 19:59:30 0 d-------- C:\Documents and Settings\user\DoctorWeb
2008-07-05 19:45:22 0 d--hs---- C:\FOUND.001
2008-07-04 20:46:59 68096 --a------ C:\WINDOWS\zip.exe
2008-07-04 20:46:59 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-04 20:46:59 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-04 20:46:59 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-04 20:46:59 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-04 20:46:59 98816 --a------ C:\WINDOWS\sed.exe
2008-07-04 20:46:59 80412 --a------ C:\WINDOWS\grep.exe
2008-07-04 20:46:59 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-04 15:17:58 0 d-------- C:\Program Files\Trend Micro
2008-07-04 10:58:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-04 10:42:51 0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-07-04 10:42:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-04 10:42:08 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-04 09:44:12 0 d-------- C:\Program Files\ICQ6
2008-06-26 13:09:38 0 d-------- C:\ie-spyad_zo
2008-06-26 12:58:34 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 09:21:26 0 d-------- C:\Program Files\Panda Security
2008-06-12 07:18:14 0 d-------- C:\WINDOWS\system32\Cult3D


-- Find3M Report ---------------------------------------------------------------

2008-05-20 19:20:48 0 d-------- C:\Program Files\iPod
2008-05-20 19:20:40 0 d-------- C:\Program Files\iTunes
2008-05-20 19:13:54 0 d-------- C:\Program Files\Apple Software Update
2008-05-19 08:23:26 0 d-------- C:\Documents and Settings\user\Application Data\Move Networks


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [11/15/2005 12:12 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/21/2005 07:07 AM]
"nwiz"="nwiz.exe" [07/21/2005 07:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/21/2005 07:07 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/22/2008 05:25 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [11/25/2007 12:47 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]

C:\Documents and Settings\user\תפריט התחלה\תוכניות\הפעלה\
Workrave.lnk - C:\Program Files\Workrave\lib\Workrave.exe [3/4/2007 8:54:34 PM]

C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/14/2007 3:36:18 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [11/25/2007 12:47:43 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/6/2008 4:00:29 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=0 (0x0)
"Btn_Search"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^תפריט התחלה^תוכניות^הפעלה^Antivirus live update.lnk]
path=C:\Documents and Settings\user\תפריט התחלה\תוכניות\הפעלה\Antivirus live update.lnk
backup=C:\WINDOWS\pss\Antivirus live update.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot




-- End of Deckard's System Scanner: finished at 2008-07-07 19:33:14 ------------

Thanks!
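
Added example, not from the thread and not part of HijackThis or DSS: a Python parser for the O4 (Run key) lines of the HijackThis log above, which is the part of the DSS output behind the "how is DSS connected to HijackThis" question, since DSS embeds a HijackThis scan. Beyond listing the autostarts it works out the program that actually runs (for rundll32 entries, the DLL it loads), then flags two things a reviewer otherwise checks by eye: the same executable registered under more than one value name (KHALMNPR.EXE appears twice in this log), and entries given as a bare file name, which Windows resolves through the search path rather than from a fixed location. The sample lines are a constructed excerpt of the posted log.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt of the O4 lines in the HijackThis log above, plus one O23 line
# that this parser deliberately ignores (services are a separate inventory).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# O4 - <hive>\..\Run: [<value name>] <command> [(User '<account>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']+)'\))?$"
)


@dataclass
class Autostart:
    hive: str
    name: str
    command: str
    executable: str
    user: Optional[str]


def executable_of(command: str) -> str:
    """The program a Run value launches: the quoted or first token, or for rundll32
    the DLL it is told to load, since rundll32 itself is only a host process."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe, rest = command[1:end], command[end + 1:].strip()
    else:
        exe, _, rest = command.partition(" ")
    if exe.rsplit("\\", 1)[-1].lower() == "rundll32.exe":
        return rest.split(",", 1)[0].strip()
    return exe


def parse_hijackthis(text: str) -> list:
    """One Autostart per O4 line; every other line type is skipped."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autostart(m["hive"], m["name"], m["cmd"],
                                     executable_of(m["cmd"]), m["user"]))
    return entries


def duplicate_executables(entries: list) -> dict:
    """Executables registered under more than one value name, keyed by lower-case file name."""
    by_exe = defaultdict(list)
    for e in entries:
        by_exe[e.executable.rsplit("\\", 1)[-1].lower()].append(e.name)
    return {exe: names for exe, names in by_exe.items() if len(names) > 1}


def unqualified_entries(entries: list) -> list:
    """Value names whose program is a bare file name, so where it loads from depends on the search path."""
    return sorted(e.name for e in entries if "\\" not in e.executable)


if __name__ == "__main__":
    autostarts = parse_hijackthis(SAMPLE_LOG)
    for e in autostarts:
        print(f"{e.hive:16} {e.name:40} -> {e.executable}")
    print("registered more than once:", duplicate_executables(autostarts))
    print("bare file names:", unqualified_entries(autostarts))
```

Neither flag is a verdict on its own: here both KHALMNPR.EXE entries belong to the Logitech software, and the DSS registry dump further down resolves the bare name to C:\WINDOWS\KHALMNPR.Exe. The point is that these are the entries worth confirming against the file on disk rather than taking the name at face value.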

#29 porcupine (Topic Starter, Member, 36 posts)
Ran another panda scan. Only the 2 dialers (Dialer.BVG and Dialer.OK) remain

Edited by porcupine, 07 July 2008 - 12:44 PM.


#30 porcupine (Topic Starter, Member, 36 posts)
Hi Loophole,

You were going to see if you can tweak the speed of my computer. Can we do that?

Is it ok that the 2 dialers are still there? Should I do something to get rid of them?

Is there any way to test if spam is being sent from my email, or will only time tell?

Do you think it's suspicious that I can't do an online Norton malware scan (aborts in the middle)?

Thanks!





