
abi-aurora infects me - help please [RESOLVED]



#1
compuder (Member, 24 posts)
Why does Aurora ABI only pop up when I use IE or Mozilla? It doesn't pop up when I use Netscape. Anyways, if someone can help I'd appreciate it. Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:49:22 PM, on 7/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\system32\Promon.exe
C:\program files\messenger\msngr.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
c:\windows\system32\dfxrcd.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\simba\Desktop\duck\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=24.34.241.9:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.*.*.*;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com/"); (C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg_1832.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [msngr] c:\program files\messenger\msngr.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_1832.dll"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [gbwl] C:\WINDOWS\gbwl.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [iksqmf] c:\windows\system32\qjgtyk.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [krjqrm] c:\windows\system32\dfxrcd.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Lgs] C:\WINDOWS\System32\bbavo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_1832.dll"
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [intfat32] C:\WINDOWS\system32\intfat32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B1} - http://www001.upp.so.....49Z/find.html (file missing)
O9 - Extra button: ANTIVIRUS - {0B5F1910-F111-11d2-BB9E-00C05F7956B2} - http://www001.upp.so.../antivirus.html (file missing)
O9 - Extra button: ENTERTAINMENT - {0B5F1910-F111-11d2-BB9E-00C05F7956B3} - http://www001.upp.so...4...IZ/ggo.html (file missing)
O9 - Extra button: SECURITY - {0B5F1910-F111-11d2-BB9E-00C05F7956B4} - http://www001.upp.so.....Z/warning.htm (file missing)
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B5} - http://www001.upp.so.../topsearch.html (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WSEX Poker\GameClient.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://gid.homeip.ne...layerWeb11g.ocx
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


#2
Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
Hi compuder, and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This may be a multi-step process to remove it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.


DOWNLOAD PROGRAMS


Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click Update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates.
Do NOT run a scan yet (if you already have, please just update).

Please download Nailfix from here.
Click nailfix.exe and choose Install; a new folder named nailfix will be created on your desktop.
Please do NOT run it yet.

Download and install CleanUp! here. *NOTE* CleanUp! deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.


THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Go to Start->Run and type in services.msc and hit OK. Then look for System Startup Service (SvcProc) and double click on it. Click on the Stop button and under Startup type, choose Disabled. (if present)

5. Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

6. Now open and run Ewido:
  • Click on Scanner.
  • Click Complete System Scan and the scan will begin.
  • During the scan, when it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose Clean and click OK.
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop.
Close Ewido.

7. Close all browsers, windows and unneeded programs.

8. Open HijackThis and do a scan.

9. Put a Check next to the following items:

O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg_1832.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater] regsvr32 /s C:\WINDOWS\System32\kdpupd.dll
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_1832.dll"
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [gbwl] C:\WINDOWS\gbwl.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [iksqmf] c:\windows\system32\qjgtyk.exe
O4 - HKLM\..\Run: [krjqrm] c:\windows\system32\dfxrcd.exe r
O4 - HKCU\..\Run: [Lgs] C:\WINDOWS\System32\bbavo.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_1832.dll"
O4 - HKCU\..\Run: [intfat32] C:\WINDOWS\system32\intfat32.exe
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B1} - http://www001.upp.so.....49Z/find.html (file missing)
O9 - Extra button: ANTIVIRUS - {0B5F1910-F111-11d2-BB9E-00C05F7956B2} - http://www001.upp.so.../antivirus.html (file missing)
O9 - Extra button: ENTERTAINMENT - {0B5F1910-F111-11d2-BB9E-00C05F7956B3} - http://www001.upp.so...4...IZ/ggo.html (file missing)
O9 - Extra button: SECURITY - {0B5F1910-F111-11d2-BB9E-00C05F7956B4} - http://www001.upp.so.....Z/warning.htm (file missing)
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B5} - http://www001.upp.so.../topsearch.html (file missing)
O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WSEX Poker\GameClient.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


10. Click the Fix Checked box.

11. Please remove these entries from Add/Remove Programs in the Control Panel (if present):

MediaMotors
Ebates_MoeMoneyMaker
PCShield
Ebates_MoeMoneyMaker
Windows Media Player <--- this program is infected. You can redownload it after we finish cleaning you up :tazz:
Kazaa Download Accelerator Updater <----- a file-sharing program which, being ad-based, includes "Cy-door" adware. Also a known source of infections.


12. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\Windows Media Player
C:\Program Files\PeDevice
C:\WINDOWS\system32\nsvsvc
C:\WINDOWS\system32\picsvr
C:\Program Files\Ebates_MoeMoneyMaker
C:\Program Files\WSEX Poker


13. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\System32\sfg_1832.dll
C:\WINDOWS\System32\kdpupd.dll
C:\WINDOWS\farmmext.exe
C:\WINDOWS\gbwl.exe
C:\WINDOWS\system32\ap9h4qmo.exe
C:\WINDOWS\seeve.exe
c:\windows\system32\qjgtyk.exe
c:\windows\system32\dfxrcd.exe
C:\WINDOWS\System32\bbavo.exe
C:\WINDOWS\system32\intfat32.exe
C:\WINDOWS\svcproc.exe


14. Run the program CleanUp!

15. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

16. Please post an ActiveScan log, an Ewido scan log and a fresh HijackThis log. Let me know how your computer is running.
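The kinds of entries Excal picked out of the log by hand (oddly named binaries launched from the Windows directory, silent regsvr32 /s loads, "(file missing)" orphans, a service with no owner, a BHO backed by a Run entry), plus the ProxyServer setting that also deserves a look, can be written down as triage rules. The script below is an added example, not code from this thread, from HijackThis or from the helper's procedure; its allowlist is a constructed minimum, and its sample log reuses lines from the two logs posted here, including the system.ini Shell= line that Nailfix is meant to address.

```python
import re
from typing import List, Set, Tuple

# Constructed sample: lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=24.34.241.9:8000
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg_1832.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_1832.dll"
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O4 - HKLM\..\Run: [krjqrm] c:\windows\system32\dfxrcd.exe r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: SEARCH - {0B5F1910-F111-11d2-BB9E-00C05F7956B1} - http://www001.upp.so.....49Z/find.html (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Directories from which a legitimate Run entry rarely launches an unknown binary.
WINDOWS_ROOT_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Constructed allowlist of OS binaries that do legitimately live there (not exhaustive).
KNOWN_WINDOWS_BINARIES = {"explorer.exe", "userinit.exe", "rundll32.exe",
                          "ctfmon.exe", "wscntfy.exe"}

Finding = Tuple[str, str]  # (log line, reason it was flagged)


def _first_exe_token(command: str) -> str:
    """Executable part of an O4 command: the quoted path, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def _dir_and_name(path: str) -> Tuple[str, str]:
    """Split a Windows path into lower-cased (directory, file name)."""
    directory, _, name = path.lower().rpartition("\\")
    return directory, name


def triage_line(line: str) -> List[str]:
    """Apply the per-line heuristics; returns zero or more human-readable reasons."""
    reasons: List[str] = []
    kind = line.split(" - ", 1)[0].strip()
    if kind == "R1" and "ProxyServer" in line:
        parts = line.split(" = ", 1)
        proxy = parts[1].strip() if len(parts) == 2 else ""
        if proxy:
            reasons.append(f"browser traffic is routed through a proxy: {proxy}")
    if kind == "F2" and "Shell=" in line:
        shell = line.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            reasons.append(f"system.ini Shell= loads an extra program: {shell}")
    if kind == "O4":
        match = re.search(r"\[.*?\]\s*(.*)$", line)
        if match:
            command = match.group(1)
            if re.match(r"(?i)regsvr32\s+/s\b", command):
                reasons.append("DLL is silently re-registered at every logon")
            directory, name = _dir_and_name(_first_exe_token(command))
            if directory in WINDOWS_ROOT_DIRS and name not in KNOWN_WINDOWS_BINARIES:
                reasons.append(f"unrecognised binary started from {directory}: {name}")
    if "(file missing)" in line:
        reasons.append("orphaned entry: the referenced file no longer exists")
    if kind == "O23" and "Unknown owner" in line:
        reasons.append("service with no identifiable vendor")
    if kind == "O16" and line.rstrip().endswith("-"):
        reasons.append("downloaded ActiveX control with no source URL recorded")
    return reasons


def triage_log(text: str) -> List[Finding]:
    """Per-line rules, then correlate BHO DLLs with silent regsvr32 Run entries."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    findings: List[Finding] = []
    silent_dlls: Set[str] = set()
    for line in lines:
        findings.extend((line, reason) for reason in triage_line(line))
        match = re.search(r'(?i)regsvr32\s+/s\s+"?([^"]+?\.dll)"?\s*$', line)
        if match:
            silent_dlls.add(match.group(1).lower())
    for line in lines:  # second pass: a BHO whose DLL a Run entry keeps re-registering
        if line.startswith("O2 - BHO:") and line.rsplit(" - ", 1)[-1].strip().lower() in silent_dlls:
            findings.append((line, "BHO DLL is re-registered by a Run entry (persistence)"))
    return findings


def flagged_lines(text: str) -> Set[str]:
    """Distinct log lines that drew at least one finding."""
    return {line for line, _ in triage_log(text)}


if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_LOG):
        print(f"{line[:58]:58}  <- {reason}")
```

Entries that hide behind a plausible path, such as the [mswspl] item pointing at a wmplayer.exe under Program Files, need an analyst who knows where the real program lives; no path heuristic catches those.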

#3
compuder (Topic Starter, Member, 24 posts)
Thanks Excal.
I tried following your instructions but ran into a few problems.

1. I started in safe mode OK, then started to run Ewido and forgot to print out the rest of the instructions, so I rebooted in normal mode, printed it out, and then I couldn't get back to safe mode at all. So I did everything in normal mode.

2. It wouldn't let me delete the folder WINDOWS MEDIA PLAYER.

Anyways, I did everything else. I'll post a fresh log of activeScan, ewido and Hijack tomorrow or later if I have time.

compuder

#4
compuder (Topic Starter, Member, 24 posts)
Now I have some issues.
1. I can't boot into safe mode anymore; my computer locks up on a screen full of lines that say "multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\System32\DRIVERS\xxxxx.sys", where xxxxx.sys means ACPI.sys, pci.sys, etc.
2. My Windows Media Player doesn't work at all anymore. I tried to reinstall it but it says it isn't compatible.

Anyways, if this doesn't work, I'LL JUST REFORMAT EVERYTHING and start from scratch so at least I still have Windows Media Player working. Here are my latest scans that you requested.

======================================
Logfile of HijackThis v1.99.1
Scan saved at 12:12:16 PM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\WINDOWS\system32\Promon.exe
C:\program files\messenger\msngr.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\simba\Desktop\duck\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=24.34.241.9:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.*.*.*;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com/"); (C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [msngr] c:\program files\messenger\msngr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [zqjzut] c:\windows\system32\hfgjliq.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://gid.homeip.ne...layerWeb11g.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

=============================================


activeScan:
=========================================

Incident Status Location

Adware:Adware/Transponder No disinfected c:\windows\system32\dmasmqo.exe
Adware:adware/topsearch No disinfected C:\PROGRAM FILES\KAZAA\TopSearch.dll
Spyware:spyware/tvmedia No disinfected C:\DOCUMENTS AND SETTINGS\SIMBA\APPLICATION DATA\tvmknwrd.dll
Spyware:spyware/surfsidekick No disinfected C:\DOCUMENTS AND SETTINGS\SIMBA\APPLICATION DATA\Sskknwrd.dll
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM32\winupdt.bin
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\mqexdlm.srg
Adware:adware/favoriteman No disinfected C:\WINDOWS\SYSTEM32\im64.dll
Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\q17i9a4j.ini
Adware:adware/savenow No disinfected C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
Adware:adware/sahagent No disinfected C:\WINDOWS\SYSTEM32\ritsacnk.dat
Adware:adware/keenvalue No disinfected C:\WINDOWS\SYSTEM32\setup_incred_7.exe
Adware:adware/toprebates No disinfected C:\WINDOWS\SYSTEM32\WebRebates_Auto_InstallSilent.exe
Adware:adware/apropos No disinfected C:\WINDOWS\SYSTEM32\auto_update_uninstall.log
Adware:adware/weirdontheweb No disinfected C:\DOCUMENTS AND SETTINGS\SIMBA\FAVORITES\WeirdOnTheWeb.url
Adware:adware/ncase No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ClientAX.inf
Adware:adware/transponder No disinfected C:\WINDOWS\INF\ceres.inf
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\farmmext.inf
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\banner.inf
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/dealhelper No disinfected C:\WINDOWS\dhdom1.bin
Spyware:spyware/adclicker No disinfected C:\WINDOWS\usta33.ini
Adware:adware/e2give No disinfected C:\PROGRAM FILES\E2G
Adware:adware/ezula No disinfected C:\PROGRAM FILES\eZula
Adware:adware/gator No disinfected C:\PROGRAM FILES\COMMON FILES\GMT
Adware:adware/delfinmedia No disinfected C:\WINDOWS\SYSTEM32\vmss
Adware:adware/p2pnetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking
Adware:adware/elitebar No disinfected C:\WINDOWS\EliteToolBar
Adware:adware/bookedspace No disinfected C:\WINDOWS\bsx32
Spyware:spyware/media-motor No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/M67M.OCX
Adware:adware/aurora No disinfected HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\MONITORS\ZEPMON
Adware:adware/ieplugin No disinfected HKEY_CURRENT_USER\SOFTWARE\INTEXP
Adware:adware/wintools No disinfected HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_WINTOOLSSVC
Spyware:spyware/altnet No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOPSEARCH.TSLINK
Adware:adware/topconvert No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TPUSN
Adware:adware/myway No disinfected HKEY_CLASSES_ROOT\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Adware:adware/virtualbouncer No disinfected HKEY_CLASSES_ROOT\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}
Adware:adware/navhelper No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\NHELPER.DLL
Spyware:spyware/dyfuca No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER
Adware:adware/looksmart No disinfected HKEY_CLASSES_ROOT\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}
Adware:adware/brilliantdigital No disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\msnapl.dll
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\mshpeb.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\dmasmqo.exe
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\system32\qqpyu.dat
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\mscif.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\mqexdlm.srg
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msglji.gif
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[msbe.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[Uninstall.exe]
Possible Virus. No disinfected C:\WINDOWS\system32\mac80ex.idf[bargains.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[adv.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[adx.exe]
Virus:Trj/Imk.A Disinfected C:\WINDOWS\system32\msnimk.gif
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\mseggo.gif
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\msfdje.gif
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\SplWbr.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msfaol.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msiaih.dll
Adware:Adware/KeenValue No disinfected C:\WINDOWS\system32\setup_incred_7.exe
Possible Virus. No disinfected C:\WINDOWS\system32\KDP2af3.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking v126.cpl
Adware:Adware/EliteBar No disinfected C:\WINDOWS\system32\temperror32.dat
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\ceres.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\banner.inf
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.inf
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\clientax.dll
Virus:Trj/Downloader.MO Disinfected C:\WINDOWS\Downloaded Program Files\default.inf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\xmlparse_.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\xmltok_.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup.inf
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe
Virus:JS/Fortnight.L.worm Disinfected C:\WINDOWS\d.htm
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\fav.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\drugs.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\virus.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\fav-ico.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\dating-ico.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\casino-ico.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\EliteToolBar\xml\images\drugs-ico.bmp
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-27a89c6e-38d11ea5.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-3173f08e-160cf781.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-40d73b4c-72915395.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-66f3eebb-1c039a24.zip[a.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-66f3eebb-1c039a24.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-66f3eebb-1c039a24.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-43182502-100d3d3a.zip[a.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-43182502-100d3d3a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-43182502-100d3d3a.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\playup_ro.jar-45c6f3d0-50054296.zip[Bubble.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\playup_ro.jar-45c6f3d0-50054296.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\playup_ro.jar-45c6f3d0-50054296.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\playup_ro.jar-45c6f3d0-50054296.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-5436b36c.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-5436b36c.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-5436b36c.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2ea80fb0-5436b36c.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-370143c9.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-370143c9.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-370143c9.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-370143c9.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-47cfe281-481cf7fd.zip[BB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-47cfe281-481cf7fd.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-47cfe281-481cf7fd.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-47cfe281-481cf7fd.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-47cfe281-481cf7fd.zip[BeyondInterface.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv255.jar-30cef831-389a3752.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv255.jar-30cef831-389a3752.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv255.jar-30cef831-389a3752.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv255.jar-30cef831-389a3752.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1af2ea14-405cff26.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1af2ea14-405cff26.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1af2ea14-405cff26.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1af2ea14-405cff26.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv79.jar-17518e14-50b5ef9a.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv79.jar-17518e14-50b5ef9a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv79.jar-17518e14-50b5ef9a.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv79.jar-17518e14-50b5ef9a.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-60319b0b-2e6220dd.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-60319b0b-2e6220dd.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-60319b0b-2e6220dd.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-60319b0b-2e6220dd.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-735ce738.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-735ce738.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-735ce738.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-735ce738.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-2087c52b.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-2087c52b.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-2087c52b.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-2087c52b.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc41b-3b5ac0c5.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc41b-3b5ac0c5.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc41b-3b5ac0c5.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc41b-3b5ac0c5.zip[Installer.class]
Virus:Trj/Classloader.I Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-30275291.zip[b.class]
Virus:Exploit/BytVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-30275291.zip[c.class]
Virus:Exploit/BytVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-30275291.zip[a.class]
Virus:Trj/Downloader.DIS Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-30275291.zip[d.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-25c143f6-2489e2d3.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-25c143f6-2489e2d3.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-25c143f6-2489e2d3.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\simba\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-25c143f6-2489e2d3.zip[Installer.class]
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\GMT\egIEEngine.dll
Spyware:Spyware/Altnet No disinfected C:\Program Files\Kazaa\TopSearch.dll
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\bb_click_wider.swf
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\bb_auto_wider.swf
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\bb_welcome.html
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\bb_welcome1.swf
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\icon.gif
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\logo.gif

#5 compuder (Member, Topic Starter, 24 posts)
Here are my win.ini and my system.ini:
==================================
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
MAPIX=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo2
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo2
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo2
wm=MPEGVideo2
wma=MPEGVideo2
wmp=MPEGVideo2
wmv=MPEGVideo2
wmx=MPEGVideo2
wvx=MPEGVideo2
wpl=MPEGVideo
[annie]
VideoDevice=1
AudioDevice=0
FrameRate=333333
CaptureAudio=1
WantPreview=1
CaptureCC=0
MasterStream=-1

==============================
; for 16-bit app support

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

#6 compuder (Member, Topic Starter, 24 posts)
Here's my boot.ini:
======================
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

#7 compuder (Member, Topic Starter, 24 posts)
Here's my safeboot.txt:
=========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\sharedaccess]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\UploadMgr]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

#8 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
We need to get into safe mode for this fix. I will research this and see what I can come up with. Can you try again to get into safe mode, please?


Thanks,

Excal

#9 compuder (Member, Topic Starter, 24 posts)
OK, I got some more help; I'll update what's going on now.
- I can go into safe mode now. I ran Ewido in safe mode, then Cleanup. I'll post the latest Ewido and HijackThis logs below.
- I still cannot get Windows Media Player 9 or 10 to install. I had to roll back to version 6.4.09, and that doesn't work with IE 6.0 or Netscape 7.02 (which I have). When I try to install the latest WMP, it says it's not compatible with my version of Windows. I have XP Home Edition.

Well, here are my logs, except for ActiveScan; I didn't have time to do that yet:
================================================
Logfile of HijackThis v1.99.1
Scan saved at 3:37:54 PM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\system32\Promon.exe
C:\program files\messenger\msngr.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\simba\Desktop\duck\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=24.34.241.9:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.*.*.*;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com/"); (C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [msngr] c:\program files\messenger\msngr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [zqjzut] c:\windows\system32\hfgjliq.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://gid.homeip.ne...layerWeb11g.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

===========================================
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:10:45 PM, 7/18/2005
+ Report-Checksum: 359F347

+ Scan result:

:mozilla.75:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.82:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.84:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.85:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.86:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.87:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.88:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.89:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.90:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.92:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP549\A0153887.exe -> Adware.BetterInternet : Cleaned with backup


::Report End

#10
Excal
    Malware Slayer Extraordinaire!
  • Retired Staff
  • 12,739 posts
Try this again:

Let's get this straightened up, then we will work on the media player problem.


THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Go to Start->Run and type in services.msc and hit OK. Then look for System Startup Service (SvcProc) and double click on it. Click on the Stop button and under Startup type, choose Disabled. (if present)

5. Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)

C:\WINDOWS\Nail.exe

6. Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

7. Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan, when it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose Clean and click OK.
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

8. Close all browsers, windows and unneeded programs.

9. Open HiJack and do a scan.

10. Put a Check next to the following items:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [zqjzut] c:\windows\system32\hfgjliq.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)


11. Click the Fix Checked box.

12. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\Nail.exe
C:\WINDOWS\wupdt.exe
c:\windows\system32\hfgjliq.exe
C:\WINDOWS\svcproc.exe


13. Run the program CleanUp!

14. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

15. Please post an ActiveScan log, an Ewido scan log and a fresh
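To confirm that steps 10 to 12 actually took effect, here is an added example (not code from this thread, from HijackThis or from Geeks to Go) that parses two HijackThis logs, lists the entries that disappeared between them, flags the three kinds of entry the fix above targets (an extra program chained onto the system.ini Shell= value, an O23 service whose binary is missing, and O4 autoruns pointing at a file on the removal list), and reports whether any name on the removal list still appears afterwards. The two sample logs are constructed from entries quoted in this thread; the function and constant names are this example's own.

```python
"""Diff two HijackThis logs and confirm the entries a fix targeted are gone.

Added example; not code from this thread, from HijackThis or from Geeks to Go.
The two sample logs below are constructed from entries quoted in the thread,
and the function and constant names are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every HijackThis finding starts with a section code (R0, F2, N3, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Files the fix in the post above tells the user to delete (file names only).
REMOVAL_LIST = ("Nail.exe", "wupdt.exe", "hfgjliq.exe", "svcproc.exe")

# Constructed pre-fix log: header, process list and a handful of entries.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:49:22 PM, on 7/17/2005

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [zqjzut] c:\windows\system32\hfgjliq.exe r
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

# Constructed post-fix log (mirrors the entries in the log posted on 7/19/2005).
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:09:37 AM, on 7/19/2005

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass(frozen=True, order=True)
class Entry:
    code: str   # section code, e.g. "O4"
    body: str   # everything after "O4 - "

    def __str__(self) -> str:
        return f"{self.code} - {self.body}"


def parse_hjt(text: str) -> list[Entry]:
    """Extract the R/F/N/O entries of a HijackThis log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Return (removed, added): entries only in the earlier log and only in the later one."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)


def flag_entries(entries: list[Entry], removal_list: tuple[str, ...]) -> list[tuple[str, Entry]]:
    """Apply the three checks the fix relies on and return (reason, entry) pairs."""
    flags = []
    names = tuple(n.lower() for n in removal_list)
    for e in entries:
        body_lc = e.body.lower()
        if e.code == "F2" and "shell=" in body_lc:
            # A clean system.ini Shell= value launches Explorer.exe and nothing else.
            shell = body_lc.split("shell=", 1)[1].split()
            if shell != ["explorer.exe"]:
                flags.append(("extra program chained onto the Shell= value", e))
        elif e.code == "O23" and "(file missing)" in body_lc:
            flags.append(("service whose binary is missing", e))
        elif e.code == "O4" and any(n in body_lc for n in names):
            flags.append(("autorun points at a file on the removal list", e))
    return flags


def still_referenced(log: str, removal_list: tuple[str, ...]) -> list[str]:
    """Names from the removal list that some entry of the given log still mentions."""
    entries = parse_hjt(log)
    return [n for n in removal_list if any(n.lower() in e.body.lower() for e in entries)]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed by the fix:", *removed, sep="\n  ")
    print("New in the later log:", *added, sep="\n  ")
    for reason, e in flag_entries(parse_hjt(BEFORE), REMOVAL_LIST):
        print(f"flag [{reason}]: {e}")
    print("Removal-list names still present afterwards:", still_referenced(AFTER, REMOVAL_LIST))
```

Run against a real pair of logs, `still_referenced` returning an empty list is the quick check that the items from step 12 no longer show up anywhere in the fresh scan; a non-empty list means one of them came back and the log needs another look.
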
#11
compuder
    Member
  • Topic Starter
  • 24 posts
I'll try to do this and post it tomorrow sometime, I don't have time this evening. I'll post the logs when I'm done.

#12
Excal
    Malware Slayer Extraordinaire!
  • Retired Staff
  • 12,739 posts
Sounds good.

Excal

#13
compuder
    Member
  • Topic Starter
  • 24 posts
Here are my latest logs. I'll do it in 3 posts to make it easier for you.
===========================
Logfile of HijackThis v1.99.1
Scan saved at 8:09:37 AM, on 7/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\simba\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=24.34.241.9:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.*.*.*;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com/"); (C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [msngr] c:\program files\messenger\msngr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://gid.homeip.ne...layerWeb11g.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#14
compuder
    Member
  • Topic Starter
  • 24 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:10:45 PM, 7/18/2005
+ Report-Checksum: 359F347

+ Scan result:

:mozilla.75:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.82:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.84:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.85:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.86:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.87:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.88:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.89:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.90:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.92:C:\Documents and Settings\simba\Application Data\Mozilla\Profiles\default\oxq4cqu3.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\System Volume Information\_restore{C4187BA9-7563-4EFE-B482-C14A20ABCB6F}\RP549\A0153887.exe -> Adware.BetterInternet : Cleaned with backup


::Report End

#15
compuder
    Member
  • Topic Starter
  • 24 posts
activeScan
===================================
Incident Status Location

Adware:adware/topsearch No disinfected C:\PROGRAM FILES\KAZAA\TopSearch.dll
Spyware:spyware/tvmedia No disinfected C:\DOCUMENTS AND SETTINGS\SIMBA\APPLICATION DATA\tvmknwrd.dll
Spyware:spyware/surfsidekick No disinfected C:\DOCUMENTS AND SETTINGS\SIMBA\APPLICATION DATA\Sskknwrd.dll
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM32\winupdt.bin
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\mqexdlm.srg
Adware:adware/favoriteman No disinfected C:\WINDOWS\SYSTEM32\im64.dll
Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\q17i9a4j.ini
Adware:adware/savenow No disinfected C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
Adware:adware/sahagent No disinfected C:\WINDOWS\SYSTEM32\ritsacnk.dat
Adware:adware/keenvalue No disinfected C:\WINDOWS\SYSTEM32\setup_incred_7.exe
Adware:adware/toprebates No disinfected C:\WINDOWS\SYSTEM32\WebRebates_Auto_InstallSilent.exe
Adware:adware/apropos No disinfected C:\WINDOWS\SYSTEM32\auto_update_uninstall.log
Adware:adware/weirdontheweb No disinfected C:\DOCUMENTS AND SETTINGS\SIMBA\FAVORITES\WeirdOnTheWeb.url
Adware:adware/ncase No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ClientAX.inf
Adware:adware/transponder No disinfected C:\WINDOWS\INF\ceres.inf
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\farmmext.inf
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\banner.inf
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/dealhelper No disinfected C:\WINDOWS\dhdom1.bin
Spyware:spyware/adclicker No disinfected C:\WINDOWS\usta33.ini
Adware:adware/e2give No disinfected C:\PROGRAM FILES\E2G
Adware:adware/exact.cashback No disinfected C:\PROGRAM FILES\CashBack
Adware:adware/ezula No disinfected C:\PROGRAM FILES\eZula
Adware:adware/gator No disinfected C:\PROGRAM FILES\COMMON FILES\GMT
Adware:adware/delfinmedia No disinfected C:\WINDOWS\SYSTEM32\vmss
Adware:adware/p2pnetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking
Adware:adware/bookedspace No disinfected C:\WINDOWS\bsx32
Spyware:spyware/media-motor No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/M67M.OCX
Adware:adware/wintools No disinfected HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_WINTOOLSSVC
Spyware:spyware/altnet No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOPSEARCH.TSLINK
Adware:adware/topconvert No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TPUSN
Adware:adware/myway No disinfected HKEY_CLASSES_ROOT\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Adware:adware/virtualbouncer No disinfected HKEY_CLASSES_ROOT\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}
Adware:adware/navhelper No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\NHELPER.DLL
Spyware:spyware/dyfuca No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\INTERNET OPTIMIZER
Adware:adware/looksmart No disinfected HKEY_CLASSES_ROOT\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}
Adware:adware/topmoxie No disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{6685509E-B47B-4f47-8E16-9A5F3A62F683}
Adware:adware/brilliantdigital No disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\msnapl.dll
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\mshpeb.dll
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\system32\qqpyu.dat
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\mscif.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\mqexdlm.srg
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msglji.gif
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[msbe.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[Uninstall.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[adv.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[adx.exe]
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\mseggo.gif
Spyware:Spyware/Omi No disinfected C:\WINDOWS\system32\msfdje.gif
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\SplWbr.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msfaol.dll
Spyware:Spyware/ClientMan No disinfected C:\WINDOWS\system32\msiaih.dll
Adware:Adware/KeenValue No disinfected C:\WINDOWS\system32\setup_incred_7.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking v126.cpl
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\ceres.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\banner.inf
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.inf
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\clientax.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\xmlparse_.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\xmltok_.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup.inf
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\GMT\egIEEngine.dll
Spyware:Spyware/Altnet No disinfected C:\Program Files\Kazaa\TopSearch.dll
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\bb_click_wider.swf
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\bb_auto_wider.swf
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\bb_welcome.html
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\bb_welcome1.swf
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\icon.gif
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\CashBack\logo.gif