
Need Help Removing loadingwebsite.com [RESOLVED]


  • This topic is locked

#16
SergeantJack

  • Topic Starter
  • Member
  • 24 posts
Hello again,

I finished the scans and saved the log, but now I'm concerned; the log is super long, making a 12 MB text file. Did I do something wrong? I don't think you guys would appreciate me pasting that much text into a post (if it's even possible).

I'll be watching for your reply. Thanks again for your help.
  • 0



#17
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
When the scan was running there was a window at the bottom. That was all I needed you to copy (per my instructions). I did not need the whole log. 12 MB is an awful big log!! I guess I will have to trust that it deleted a lot of files! Please post a new HiJackThis log for me.
  • 0

#18
SergeantJack

  • Topic Starter
  • Member
  • 24 posts
Hello again,

I ran the scans and finally finished them. I saved the log, but I believe I must have done something wrong, because the text file is over 12 MB, and I don't think you guys would appreciate me pasting that much text in here.

Did I do something wrong?
  • 0

#19
SergeantJack

  • Topic Starter
  • Member
  • 24 posts
Whoops, sorry. I didn't see my last post on this thread, or your reply, so I was re-posting it. Here's my newest Hijack This log:


Logfile of HijackThis v1.99.1
Scan saved at 9:01:19 PM, on 6/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\rrmlhn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\PeDevice\PeDev.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Ahead\nero\nero.exe
C:\WINDOWS\system32\imapi.exe
C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rrmlhn.exe reg_run
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
  • 0

#20
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
It's already looking better! I will look over it thoroughly and be back as soon as possible!
  • 0

#21
SergeantJack

  • Topic Starter
  • Member
  • 24 posts
So far I see no evidence of any kind of crapware on my system, so it's possible that this did the trick.

I have one question, though: do you know what PeDev.exe is?
  • 0

#22
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Actually, your computer is still quite infected! You have a browser hijacker, a new variant of an infection called Qoologic, and a couple of spyware programs. So we definitely are not done!

I have no clue what that file is, I've not seen it before. But, I will try to find out. If I do not figure out what it is I will need you to upload the file for me so it can be analyzed.
  • 0

#23
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Do NOT run BitComet while I'm trying to help you clean your system. That will only cause the problems to become worse...
  • 0

#24
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
* Please download the Killbox by Option^Explicit.

* Save it to your desktop.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them, then pressing CTRL + C.

C:\WINDOWS\system32\rrmlhn.exe
C:\WINDOWS\systb.dll
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\system32\AUNPS2.DLL
C:\WINDOWS\system32\rrmlhn.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Cas\Client\casmf.dll


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, stay off the Internet. Make sure all programs and windows are closed. Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rrmlhn.exe reg_run
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"

O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll


Close HiJackThis.

Using Windows Explorer, delete the following folders, in bold:

C:\Program Files\Cas
C:\Program Files\Media Access

Connect to the Internet.

This part is extremely important so that we can get rid of Qoologic!!
Download, install, and run CleanUp!. It deletes EVERYTHING out of temporary/temp files and does not make backups. If you have anything you need in temporary folders, back it up or move it prior to running cleanup!

Then, please run this online virus scan:
ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log.
  • 0

#25
SergeantJack

  • Topic Starter
  • Member
  • 24 posts
Hello again. Sorry for the late reply...I'm having trouble finding time to sit down at my system.


I ran all the scans as you requested. Here's the online ActiveScan log:


Incident Status Location

Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\rruynoo.dll
Adware:Adware/AdBehavior No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nntu.exe
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\ide21201.vxd
Adware:Adware/EliteBar No disinfected Windows Registry
Adware:Adware/ValueAd No disinfected C:\WINDOWS\system32\??pPatch
Adware:Adware/Novo No disinfected Windows Registry
Adware:Adware/Weirdontheweb No disinfected C:\WINDOWS\weirdontheweb_topc.exe
Adware:Adware/AdBehavior No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nntu.exe
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\l2mfix\backup.zip[czbcatex.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\l2mfix\backup.zip[dgound.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\l2mfix\backup.zip[ejcdec.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\l2mfix\backup.zip[kldhe319.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\l2mfix\backup.zip[mxjint40.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\l2mfix\backup.zip[ndtapi.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\l2mfix\backup.zip[nswdev.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\l2mfix\backup.zip[rpmps.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\l2mfix\backup.zip[sEmsrv.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\l2mfix\backup.zip[guard.tmp]
Adware:Adware/WinTools No disinfected C:\WINDOWS\hisistheurls.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system\UpdInst.exe
Adware:Adware/QoolAid No disinfected C:\WINDOWS\system32\bboxdrr.exe
Adware:Adware/ConsumerAlertSystem No disinfected C:\WINDOWS\system32\dist001.exe
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\ide21201.vxd
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\ppvgw.dat
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\system32\PSof1.exe
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\rrmlhn.exe
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\rruynoo.dll
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\uungi.dll
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\vidctrl\vidctrl.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\wmzfpdsh.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\thin-114-1-x-x.exe
Adware:Adware/Weirdontheweb No disinfected C:\WINDOWS\weirdontheweb_topc.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\xwkledb.exe



Here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:35:47 PM, on 7/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nntu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PeDevice\PeDev.exe
C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
  • 0
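A helper asking for "a new HiJackThis log" after each fix is really asking for a before/after comparison. The sketch below is an added example, not part of the thread and not a HijackThis feature: it parses two logs in the v1.99.1 text layout shown above and reports which items and running processes disappeared or appeared. The function names `parse_hijackthis` and `diff_logs` are hypothetical, and the two sample logs are abbreviated excerpts of the 6/28 and 7/4 logs posted above.

```python
import re

# HijackThis item lines start with a section code (R0, R1, O2, O4, O23, ...)
# followed by " - " and the item text.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_hijackthis(text):
    """Split a HijackThis text log into running processes and items."""
    processes, items = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ITEM_RE.match(line)
        if match:
            in_processes = False          # first item ends the process list
            items.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "items": items}


def _canon(entry):
    """Case-insensitive comparison key (Windows paths ignore case)."""
    text = " - ".join(entry) if isinstance(entry, tuple) else entry
    return text.casefold()


def diff_logs(before_text, after_text):
    """Report entries that were removed or added between two scans."""
    before = parse_hijackthis(before_text)
    after = parse_hijackthis(after_text)
    report = {}
    for field in ("items", "processes"):
        old = {_canon(e): e for e in before[field]}
        new = {_canon(e): e for e in after[field]}
        report["removed_" + field] = [old[k] for k in old if k not in new]
        report["added_" + field] = [new[k] for k in new if k not in old]
    return report


# Abbreviated excerpt of the 6/28/2005 log (sample input for this example).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rrmlhn.exe
C:\Program Files\PeDevice\PeDev.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rrmlhn.exe reg_run
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
"""

# Abbreviated excerpt of the 7/4/2005 log (sample input for this example).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nntu.exe
C:\Program Files\PeDevice\PeDev.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
"""

if __name__ == "__main__":
    for label, entries in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(label)
        for entry in entries:
            print("   ", entry)
```

On these excerpts the diff shows the fixed O2 and O4 items gone, and also a process (`nntu.exe`) that was not running in the earlier log, which is the kind of change that is easy to miss when reading two long logs by eye.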



#26
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them, then pressing CTRL + C.

C:\WINDOWS\system32\rrmlhn.exe
C:\WINDOWS\system32\rruynoo.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nntu.exe
C:\WINDOWS\system32\ide21201.vxd
C:\WINDOWS\weirdontheweb_topc.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nntu.exe
C:\WINDOWS\hisistheurls.exe
C:\WINDOWS\system\UpdInst.exe
C:\WINDOWS\system32\bboxdrr.exe
C:\WINDOWS\system32\dist001.exe
C:\WINDOWS\system32\ide21201.vxd
C:\WINDOWS\system32\ppvgw.dat
C:\WINDOWS\system32\PSof1.exe
C:\WINDOWS\system32\rruynoo.dll
C:\WINDOWS\system32\uungi.dll
C:\WINDOWS\system32\vidctrl\vidctrl.exe
C:\WINDOWS\system32\wmzfpdsh.dll
C:\WINDOWS\thin-114-1-x-x.exe
C:\WINDOWS\weirdontheweb_topc.exe
C:\WINDOWS\xwkledb.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperation prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, post a new HiJackThis log.
  • 0
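An added example (not from the thread, and not a feature of ActiveScan or Killbox) of reducing a scanner report in the "Incident Status Location" layout shown in post #25 to a de-duplicated list of on-disk paths. It sets aside rows that do not name a plain file: registry detections, members of an archive, and paths containing unreadable `?` characters. The names `triage` and `classify` are hypothetical, the only status value handled is the one that appears in this thread, and the sample rows are a constructed excerpt of that report.

```python
import re

# One report row: "<Kind>:<Detection name> <Status> <Location>".
# \s* before the status tolerates a row where the name and status columns
# were run together by copy/paste. "No disinfected" is the only status
# value seen in this thread; other values are not handled (assumption).
ROW_RE = re.compile(
    r"^(?P<kind>[A-Za-z]+):(?P<name>\S+?)\s*"
    r"(?P<status>No disinfected)\s+(?P<location>.+)$"
)
ARCHIVE_MEMBER_RE = re.compile(r"\.zip\[[^\]]+\]$", re.IGNORECASE)


def classify(location):
    """Decide whether a Location column names a plain file on disk."""
    if location == "Windows Registry":
        return "registry"            # needs a registry fix, not a file delete
    if ARCHIVE_MEMBER_RE.search(location):
        return "archive_member"      # file inside a .zip, e.g. a tool's backup
    if "?" in location:
        return "unresolved_path"     # characters the report could not render
    return "file"


def triage(report_text):
    """Return unique file paths plus the rows that were set aside."""
    files, skipped, seen = [], [], set()
    for raw in report_text.splitlines():
        match = ROW_RE.match(raw.strip())
        if not match:                # header row, blank line, etc.
            continue
        location = match.group("location").strip()
        kind = classify(location)
        if kind != "file":
            skipped.append((kind, match.group("name"), location))
            continue
        key = location.casefold()    # Windows paths are case-insensitive
        if key not in seen:
            seen.add(key)
            files.append(location)
    return {"files": files, "skipped": skipped}


# Constructed excerpt of the ActiveScan report in this thread.
SAMPLE_REPORT = r"""Incident Status Location

Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\rruynoo.dll
Adware:Adware/AdBehavior No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nntu.exe
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/ValueAd No disinfected C:\WINDOWS\system32\??pPatch
Adware:Adware/AdBehavior No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nntu.exe
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\l2mfix\backup.zip[guard.tmp]
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\system32\dist001.exe
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\rruynoo.dll
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("Files to review:")
    for path in result["files"]:
        print("   ", path)
    print("Set aside:")
    for kind, name, location in result["skipped"]:
        print("   ", kind, name, location)
```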

#27
SergeantJack

  • Topic Starter
  • Member
  • 24 posts
Okay, here's the new Hijack This log after running Killbox:


Logfile of HijackThis v1.99.1
Scan saved at 6:48:23 AM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PeDevice\PeDev.exe
C:\Documents and Settings\Jack Harris\Desktop\Anti-Scum\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
  • 0

#28
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please reboot into Safe Mode and delete this folder:

C:\Program Files\PeDevice

It shouldn't be running in Safe Mode, but if it is, open Task Manager, click the process PeDev.exe, and click "End Process", then delete the folder. Let me know if you have any problems deleting it.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log"; please double-click that log, copy the entire contents, and paste them here.
  • 0

#29
SergeantJack

  • Topic Starter
  • Member
  • 24 posts
Okay, all done. Here's the Antispyware log:


Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\Implemented Categories'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\Programmable'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\Implemented Categories\{00021493-0000-0000-C000-000000000046}'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\Implemented Categories'
Found '' in 'SOFTWARE\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}\Programmable'
Found '' in 'SOFTWARE\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}\Programmable'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}\TypeLib'
Found '' in 'SOFTWARE\Classes\Remove'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access'
Found '' in 'SOFTWARE\Media Access'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}'
Found '' in 'SOFTWARE\Classes\MediaAccess.Installer'
Found '' in 'SOFTWARE\Classes\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}'
Found '' in 'Software\LQ'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0'
Found '' in 'SOFTWARE\Classes\MediaAccess.Installer\CurVer'
Found '' in 'SOFTWARE\Classes\MediaAccess.Installer\CLSID'
Found '' in 'SOFTWARE\Classes\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\Programmable'
Found '' in 'SOFTWARE\Classes\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\LocalServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\Implemented Categories'
Found '' in 'SOFTWARE\Classes\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}'
Found '' in 'SOFTWARE\Classes\AppID\LoaderX.EXE'
Found 'AppID' in 'SOFTWARE\Classes\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}'
Found '' in 'SOFTWARE\Classes\AppID\{735C5A0C-F79F-47A1-8CA1-2A2E482662A8}'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Found 'AppID' in 'SOFTWARE\Classes\AppID\LoaderX.EXE'
Found '' in 'SYSTEM\ControlSet001\Control\Print\Monitors\ZepMon'
Found '' in 'SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon'
Found '' in 'Wbho.Band.1'
Found '' in 'Wbho.Band'
Found '' in 'CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}'
Found '' in 'IMIToolbar.PopupBrowser'
Found '' in 'IMIToolbar.PopupBrowser.1'
Found '' in 'CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}'
Found '' in 'IMIToolbar.LeftFrame'
Found '' in 'IMIToolbar.LeftFrame.1'
Found '' in 'IMIToolbar.BottomFrame'
Found '' in 'IMIToolbar.BottomFrame.1'
Found '' in 'CLSID\{F3155057-4C2C-4078-8576-50486693FD49}'
Found '' in 'IMIToolbar.PopupWindow'
Found '' in 'IMIToolbar.PopupWindow.1'
Found '' in 'CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}'
Found '' in 'Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}'
Found '' in 'TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}'
Found '' in 'Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}'
Found '' in 'Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}'
Found '' in 'Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}'
Found '' in 'Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}'
Found '' in 'Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}'
Found '' in 'CLSID\{F3155057-4C2C-4078-8576-50486693FD49}'
Found '' in 'AppID\{735C5A0C-F79F-47A1-8CA1-2A2E482662A8}'
Found '' in 'AppID\LoaderX.EXE'
Found '' in 'TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}'
Found '' in 'Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}'
Found '' in 'CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}'
Found '' in 'MediaAccess.Installer'
Internet URL Shortcuts
Files and Directories
Found 'dice23.ico' in 'C:\WINDOWS\system32'
Found 'tdtb.exe' in 'C:\WINDOWS'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\WINDOWS\system32\dice23.ico' in shortcut areas.
Checking for 'C:\WINDOWS\system32\dice23.ico' in startup areas.
Cleaning 'C:\WINDOWS\system32\dice23.ico'
Checking for 'C:\WINDOWS\tdtb.exe' in shortcut areas.
Checking for 'C:\WINDOWS\tdtb.exe' in startup areas.
Cleaning 'C:\WINDOWS\tdtb.exe'
Finished Cleaning
  • 0

#30
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
* Download finditnt2000xp.zip.
* Unzip the contents of finditnt2000xp.zip to a convenient location.
* Navigate to the Find It NT-2K-XP folder and double-click on find.bat.
* A command prompt will open and it will search your computer for malicious files.
* Once it has finished, a Notepad window will pop up with output.txt.
* Copy the entire contents of output.txt into your next post.
  • 0





