Dr watson...again! [RESOLVED]


  • This topic is locked

#31
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi Greer

you downloaded process explorer yesterday

I gotta go, Cretemonster will sort this out for you, absolutely top man.

UKBiker
  • 0


#32
greer519

greer519

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Never mind...I had a brain fart...LOL, I downloaded that program earlier at UKBiker's request. Ok I shall go now and do what you asked. :tazz:
  • 0

#33
greer519

greer519

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Hi Greer

you downloaded process explorer yesterday

I gotta go, Cretemonster will sort this out for you, absolutely top man.

UKBiker




Thanks for your help :tazz:
  • 0

#34
greer519

greer519

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
!This program cannot be run in DOS mode.
Rich
.text
.rdata
.data
.rsrc
.aspack
.adata
VirtualAlloc
VirtualFree
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
shlwapi.dll
wininet.dll
iphlpapi.dll
user32.dll
advapi32.dll
shell32.dll
StrNCatA
InternetGetConnectedState
GetAdaptersInfo
EnumWindows
RegSetValueA
ShellExecuteA
  • 0

#35
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Before proceeding, please double check the strings from the rapnjk.exe process once more and compare them to your last post!
If they match exactly, proceed, this is just to confirm nothing has changed!

Forward with Fix!!

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Open a blank notepad page and copy&paste the text in the quote box below into it!

REGEDIT4

[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fyxtngqg]



Now, Click File>> Click Save>> Go down and where it says "Save as Type" make that "All Files" and Save it to the Desktop as "noqoo.reg"

Double Click "noqoo.reg" and allow it to merge into the registry!

Open Process Explorer Right Click on rapnjk.exe and Select "Suspend"

DO NOT Close Process Explorer after Suspending the Process!

Now Open Pocket Killbox

Copy&Paste Each entry below into Killbox and place a tick by "Delete on Reboot"

C:\WINDOWS\system32\rapnjk.exe

Click the Red Circle with the White X in the middle to Delete!

Click "Yes" to Confirm and Click "No" to Reboot

Do the Same for this entry

C:\WINDOWS\wupdt.exe

Click "Yes" to Confirm and Click "Yes" to Reboot

You may have to restart the PC yourself

Restart in Safe Mode and from the Nailfix folder double-click on Nailfix.cmd.

Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Open HijackThis and Scan the PC, then place a Check by these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rapnjk.exe reg_run

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx

O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/do...askbar-inst.cab

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab

O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weat...uginstaller.cab

O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Make sure all Windows and Browsers are Closed and Click the "Fix Checked" Button

Restart Normal

1.) Download The Hoster. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.
  • 0

#36
greer519

greer519

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Slight problem.....I was trying to click "no" on the reboot question during the killbox part and my dog whacked my arm and I hit yes! So of course my computer restarted...now what? :tazz:
  • 0

#37
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
What else can you do at this point??

No Problems bro....we will get it sorted!

I assume it was rapnjk.exe correct?

Let me know?!

Edited by Cretemonster, 03 July 2005 - 06:49 PM.

  • 0

#38
greer519

greer519

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Yes it was right after I added rapnjk.exe to the killbox and I was supposed to hit no on the reboot and ....well you know the rest now.
Dawn
  • 0

#39
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
All Clear....That's the one I was worried about...Now go get that other one and finish up!

Let us know how the PC is running after a fresh Start!

The HijackThis log will tell most!
  • 0

#40
greer519

greer519

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
I tried the C:\WINDOWS\wupdt.exe in the killbox and it says "that file does not exist"
  • 0


#41
greer519

greer519

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Ok disregard my last post, I did the last thing you asked with the killbox, and restarted the computer and now waiting for what's next....
  • 0

#42
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
You followed all and had the PC scanned at Panda?

Make sure you follow the last 4 steps to ensure we got everything!
  • 0

#43
greer519

greer519

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:20:57 AM, on 7/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\MoodLogic\Service\Updater.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\naip.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rapnjk.exe reg_run
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Smileycons] C:\Program Files\Smileycons\smileycons.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Aces Up! by pogo - http://game3.pogo.co...s-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo....a-ob-assets.cab
O16 - DPF: DigiChat Applet - http://host.digichat...s/Client_IE.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.co...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.co...w-ob-assets.cab
O16 - DPF: LiveWorld EZTalk 3.0 - http://live.liveworl...ezmed/ezmed.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.po...d-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat2.webmd.c...sie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23....es/MsnPUpld.cab
O16 - DPF: {6BC013D0-77D9-11D5-AB95-0050DA664D35} - https://myaccounts.n...r/Yodelizer.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v44/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Here are the Panda active scan results:


Incident Status Location

Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\rkiopeu.dll
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\uksqw.dll
Adware:Adware/AdBehavior No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\naip.exe
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\rapnjk.exe
Adware:Adware/AdBehavior No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\naip.exe
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/Gator No disinfected C:\GatorPatch.log
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\FLEOK
Spyware:Spyware/BetterInet No disinfected Windows Registry
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\ritsacnk.dat
Adware:Adware/WinTools No disinfected Windows Registry
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/DelFinMedia No disinfected Windows Registry
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Owner\Application Data\Lycos
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\polall1r.inf
Adware:Adware/AdLogix No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/WUpd No disinfected C:\Program Files\windows adstatus
Adware:Adware/Coupons No disinfected Windows Registry
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\system32\stlb2.xml
Adware:Adware/BroadcastPC No disinfected Windows Registry
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\system32\kyf.dat
Adware:Adware/Funcade No disinfected C:\Program Files\Funcade
Adware:Adware/Novo No disinfected Windows Registry
Adware:Adware/Weirdontheweb No disinfected C:\Documents and Settings\Owner\Favorites\WeirdOnTheWeb.url
Adware:Adware/Apropos No disinfected C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\AlertSWF\contents\Exec.exe
Adware:Adware/AdBehavior No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\naip.exe
Adware:Adware/Weirdontheweb No disinfected C:\Documents and Settings\Owner\Favorites\WeirdOnTheWeb.url
Adware:Adware/Gator No disinfected C:\GatorPatch.log
Adware:Adware/PopCapLoader No disinfected C:\hjt\backups\backup-20050702-210419-366.inf
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\6B060D77-CB0E-4B26-B9D2-7EAEE2\08036498-0518-40BE-8D75-23CA7C
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\6B060D77-CB0E-4B26-B9D2-7EAEE2\7311C6B9-899F-489A-868D-FACFC6
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\6B060D77-CB0E-4B26-B9D2-7EAEE2\7F9667A1-3C53-458A-A06D-C8FF15
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\6B060D77-CB0E-4B26-B9D2-7EAEE2\D1D4DD07-040C-403F-A65F-614863
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FDB51B03-0EF9-4C4F-B49E-47B7E7\01FDA9DC-7BCE-4351-97B8-1400BD
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FDB51B03-0EF9-4C4F-B49E-47B7E7\1EDCCEAF-F3A0-4EA2-A535-FF2EAB
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FDB51B03-0EF9-4C4F-B49E-47B7E7\45632657-01D9-40F1-8F37-D88E1E
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FDB51B03-0EF9-4C4F-B49E-47B7E7\6E8A991A-184E-4167-8308-24A4B0
Adware:Adware/Envolo No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20041023135117.zip[setup.inf]
Adware:Adware/Envolo No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20041023135117.zip[auto_update_uninstall.log]
Adware:Adware/SAHAgent No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20041228194137.zip[xmlparse_.dll]
Adware:Adware/SAHAgent No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20041228194137.zip[xmltok_.dll]
Adware:Adware/Sqwire No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20041228194223.zip[classify.dll]
Adware:Adware/Sqwire No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20041228194223.zip[tsuninst.exe]
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp\FNuninstaller.EXE
Adware:Adware/BrilliantDigital No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq479.tmp\bdedata2.dll
Adware:Adware/MyWay No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq479.tmp\mysearch.cab
Adware:Adware/MyWay No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq479.tmp\mysearch.cab[mySetp.exe]
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq566.tmp\FNuninstaller.EX_[FNuninstaller.EXe]
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\58kd52fg.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\activeshopper.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adl_dh.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adl_hl.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adl_ibis_AS2.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adl_zeno.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\AdSmartMedia_bundle.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adv0ltc0m.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ast_5_adsav.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\b2s-162813.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Beryllium.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-goodyr1.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\cxt_big.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\cxt_wmg.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Decade.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\d_ic.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\e2g51.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\EDow_vl.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\gogotoolsSILAWO8pi.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\HLInstaller.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\icmedia2_56.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ICMMedia_1cmm3d1a.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\iehost.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\installcasino.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\KnNe1.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\mfsetup.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\newmb.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\new_vcm.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\NzI0MDo4OjEy.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\package8033_MARKETING5.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\pounder.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ropbundle.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\rop_marketing_1_168.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\runsearch.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\sahagent-dectest1001.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\sahagent-onlinetrafficbroker1001.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\sahagent-seedcorn1002.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\search_toolbar.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Setup1171.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setupactiv2.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\SetupCasino.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup_Incredifind_TrafficSpec.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ssee.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\stlb2_seed.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ventura1.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\vrinstall_icmedia.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\winversion.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\polall1r.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\polmx2.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\qdbnukn.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\salm_gdf.dat
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system\UpdInst.exe
Adware:Adware/SaveNow No disinfected C:\WINDOWS\system32\ap2nqrd4.dat
Adware:Adware/QoolAid No disinfected C:\WINDOWS\system32\bamrnco.exe
Adware:Adware/SaveNow No disinfected C:\WINDOWS\system32\baur5s9q.dat
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\bqrufs5f.dat
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\system32\kyf.dat
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\pukba.dat
Adware:Adware/SaveNow No disinfected C:\WINDOWS\system32\q10pvbrv.dat
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\rapnjk.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\ritsacnk.dat
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\rkiopeu.dll
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\system32\stlb2.xml
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\uksqw.dll
Spyware:Spyware/ShopNav No disinfected C:\WINDOWS\unist2.exe
  • 0
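
Added example, not part of the original thread and not any poster's code: a small triage script that cross-references a HijackThis log against ActiveScan results like the two pasted in post #43, to show which flagged files are still running or still have an autorun entry after a fix attempt. The sample input is a constructed excerpt of lines copied from that post; the function names and parsing rules are assumptions made for this illustration.

```python
import re

# Constructed excerpt: lines copied from the HijackThis log in post #43.
HJT_LOG = r"""
Running processes:
C:\WINDOWS\system32\ps2.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\naip.exe
C:\hjt\HijackThis.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rapnjk.exe reg_run
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
"""

# Constructed excerpt: lines copied from the ActiveScan results in post #43.
SCAN_RESULTS = r"""
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\rkiopeu.dll
Adware:Adware/AdBehavior No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\naip.exe
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\rapnjk.exe
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/QoolAid No disinfected C:\WINDOWS\system32\bamrnco.exe
"""

# "<class>:<detection> No disinfected <location>"
SCAN_RE = re.compile(r"^\w+:(?P<name>\S+?)\s*No disinfected\s+(?P<loc>.+)$")
# "O4 - <hive>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
# Executable image at the start of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|bat|cmd))(?=["\s]|$)', re.I)


def image_path(cmd):
    """Return the lower-cased executable path from an autorun command line."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    return (m.group("path") if m else cmd.split()[0]).lower()


def parse_scan(text):
    """Map lower-cased file path -> set of detection names (registry hits skipped)."""
    hits = {}
    for line in text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m and re.match(r"[A-Za-z]:\\", m.group("loc")):
            hits.setdefault(m.group("loc").lower(), set()).add(m.group("name"))
    return hits


def parse_hjt(text):
    """Return (kind, label, path) for running processes and O4 autorun entries."""
    items, in_procs = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # a blank line ends the process list
                in_procs = False
            else:
                items.append(("running process", "", line.lower()))
            continue
        m = O4_RE.match(line)
        if m:
            items.append(("autorun " + m.group("hive"), m.group("label"),
                          image_path(m.group("cmd"))))
    return items


def cross_reference(hjt_text, scan_text):
    """List log entries whose file the scanner also flagged."""
    flagged = parse_scan(scan_text)
    return [(kind, label, path, sorted(flagged[path]))
            for kind, label, path in parse_hjt(hjt_text) if path in flagged]


if __name__ == "__main__":
    for finding in cross_reference(HJT_LOG, SCAN_RESULTS):
        print(finding)
```

Matching is by exact path, so a flagged file with no process or autorun line in the log (bamrnco.exe in the sample) appears only in the scan results and still has to be reviewed by hand.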

#44
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Well Shite!!!!

This Changing Qoologic is really annoying!!!

Have you restarted the PC since the Panda Scan?
  • 0

#45
greer519

greer519

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
No I haven't restarted since the panda scan.
  • 0





