Scanner Twain problems



#16
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts

Should I go ahead and perform the other tasks you suggested anyway?


yes. :tazz:
  • 0



#17
Ardent

Ardent

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
I ran Ad-Aware and found 51 tracking cookies. I ran the online Panda spy/virus ware and got this. I downloaded the free trial version of Panda and hope to get rid of these items.

  • 0

#18
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Ardent:

It doesn't show that you have PestPatrol, but did you have it at one time?
  • 0

#19
Ardent

Ardent

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
Yes, I have it on my PC. I think I disabled it, so I don't think it's running anymore. I did download Panda and "disinfected" the items it found. Does it do viruses and spyware too? I still haven't done the scan that is done in safe mode; I'll do that next. Can I have Panda and Spyware Doctor running at the same time?

Thanks
  • 0

#20
Ardent

Ardent

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
OK, got the last test done in safe mode, rkfiles. Here is the log:

C:\My Downloads\applications\rkfiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\SYSTEM32\AuthDVD.DLL: UPX!
C:\WINDOWS\SYSTEM32\B4FM.dll: UPX!
C:\WINDOWS\SYSTEM32\dprsx.dll: UPX!
C:\WINDOWS\SYSTEM32\fmod.dll: UPX!
C:\WINDOWS\SYSTEM32\DFRG.MSC: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\daemon.dll: UPX!
C:\WINDOWS\DynDNS.exe: UPX!
Finished
bye
Again thanks for your patience and assistance
  • 0

#21
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
OK. We need to run Ewido.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files.

Run Ewido:

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with ewido it is finding cases of false positives.
* You will need to step through the process of cleaning files one-by-one.
* If ewido detects a file you KNOW to be legitimate, select none as the action.
* DO NOT select "Perform action on all infections"
* If you are unsure of any entry found select none for now.
* When the scan is finished, click the Save report button at the bottom of the screen.
* Save the report to your desktop

Close Ewido


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\dprsx.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


REBOOT TO NORMAL MODE

Download and install CleanUp!
NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to log-off/reboot at the end, if it does please do so.

Do an online scan of Panda again.

Take note of the names and locations of any file it detects but fails to clean.

Give me a Panda scan log, a HijackThis log, and an Ewido log. :tazz:
  • 0

#22
Ardent

Ardent

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
OK, running Ewido, but I am a little unsure about the Killbox stuff.
Your instructions are....

Save it to your desktop.
Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

OK, I highlight the files and copy to the clipboard, but what is this reference?
C:\WINDOWS\SYSTEM32\dprsx.dll ... I am not sure what I am supposed to do with this?


Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at an.....

I know this is complicated stuff (at least for me), so I want to be careful that I don't screw things up.

Thanks
  • 0

#23
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Highlight this file C:\WINDOWS\SYSTEM32\dprsx.dll and paste it into Killbox to be killed. :tazz:
  • 0

#24
Ardent

Ardent

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
OK, I guess this will be more evident when I actually run the program; maybe I'll understand it better. Meanwhile I'm at 53% on Ewido and it found a lot of files I had in quarantine with PestPatrol.... Wish me luck.

Here is the Ewido log:

C:\Documents and Settings\Mark\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\[email protected]2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\[email protected]2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\[email protected]2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mark\Cookies\[email protected]2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\JV3UNH4W\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\882C6221-AA79-4C78-B3BD-EABD32\AB0DE294-56A2-43C4-9C26-E10BB6 -> Spyware.SurfAccuracy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\DE101F34-A1FA-46D4-806C-477C25\F317818E-7B4F-40ED-A0DF-2A4ECB -> Downloader.IstBar : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20040501130110468.zip/WINDOWS/wt/wtupdates/wtwebdriver/files/3.3.1.001/wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20041110074657546.zip/WINDOWS/SYSTEM32/IEHost.to_be_deleted -> Downloader.Turown.i : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20041113163919046.zip/Program Files/navexcel/navhelper/v2.0.4c/nhelper.dll -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20041113163919046.zip/Program Files/navexcel/navhelper/v2.0.4c/nhuninstaller.exe -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20041113163919046.zip/Program Files/navexcel/navhelper/v2.0.4c/nhupdater.exe -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20041113163919046.zip/Program Files/navexcel/NavHelper/v2.0.4c/v2.0.4c.c.cab/NHelper.dll -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20041113163919046.zip/Program Files/navexcel/NavHelper/v2.0.4c/v2.0.4c.c.cab/NHUninstaller.exe -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20041113163919046.zip/Program Files/navexcel/NavHelper/v2.0.4c/v2.0.4c.c.cab/NHUpdater.exe -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20041113163919046.zip/Program Files/navexcel/NavHelper/v2.0.4c/nhelper.to_be_deleted -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20041119081111718.zip/Program Files/navexcel/NavHelper/v2.0.4c/nhelper.to_be_deleted -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050105081445.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr063C/WINDOWS/SYSTEM32/psis80ex.ax/C:/WINDOWS/system32/mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050105081445.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr063C/WINDOWS/SYSTEM32/psis80ex.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050105081445.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr063C/WINDOWS/SYSTEM32/psis80ex.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050105081445.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr063C/WINDOWS/SYSTEM32/psis80ex.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050105081445.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr063C/Program Files/navisearch/bin/nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050105081445.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr063C/Program Files/cashback/bin/flash.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050105081445.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr063C/Program Files/cashback/bin/cb.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050105081445.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr063C/Program Files/cashback/bin/cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050105081445.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr063C/WINDOWS/system32/winb2s32.dll -> Spyware.Beginto : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050105081445.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr063C/Program Files/bullseye network/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr1CE3 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr258C -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr317C -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr8A7A -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/Documents and Settings/Mark/Local Settings/Temp/temp.frC965 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/Documents and Settings/Mark/Local Settings/Temp/temp.frF823 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/exul1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/exul2.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/javex80.vxd/C:/WINDOWS/system32/nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/mac80ex.idf/C:/WINDOWS/system32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/mac80ex.idf/C:/Program Files/BullsEye Network/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/netut80ex.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/netut80ex.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/netut80ex.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050109160444.zip/WINDOWS/SYSTEM32/netut80ex.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050113080433.zip/Documents and Settings/Mark/Local Settings/Temp/temp.fr7B3D -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050113080433.zip/Documents and Settings/Mark/Local Settings/Temp/temp.frD766 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050113080433.zip/Documents and Settings/Mark/Local Settings/Temp/temp.frFD61 -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/cxtpls/ace.dll -> Spyware.AproposMedia : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/cxtpls/CxtPls.dll -> Downloader.Apropo.w : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/cxtpls/cxtpls.exe -> Downloader.Apropo.r : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/cxtpls/wingenerics.dll -> Spyware.AproposMedia : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/qh4mkbv9.dll -> Adware.SAHA : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/netut80ex.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/netut80ex.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/netut80ex.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/netut80ex.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/q17i9a4j.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/exdl1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/exul1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/exdl0.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/ahadp.exe -> Spyware.BargainBuddy.n : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/angelex.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/bullseye network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/bullseye network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/autoheal.exe -> Spyware.BargainBuddy.n : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/SYSTEM32/mac80ex.idf/C:/WINDOWS/system32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/SYSTEM32/mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/SYSTEM32/mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/SYSTEM32/nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/cashback/bin/cb.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/cashback/bin/flash.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/internet optimizer/update/optimize313.exe -> Downloader.Dyfuca : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/nem220.dll -> Downloader.Dyfuca : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/optimize.exe -> Downloader.Dyfuca.dk : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/internet optimizer/optimize.exe -> Downloader.Dyfuca : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/SYSTEM32/exul3.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Documents and Settings/Mark/local settings/temp/auf0.exe -> Downloader.Apropos.s : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/system32/auto_update_uninstall.exe -> Spyware.AproposMedia : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Documents and Settings/Mark/Local Settings/Temp/WToolsB.dll -> Spyware.Wintol : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/edow.exe -> Downloader.Wintool.e : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/thesearchaccelerator/iucmore.dll -> Spyware.UCmore : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/Program Files/thesearchaccelerator/ucmtsaie.dll -> Spyware.UCmore : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/a95kfrhe.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/Downloaded Program Files/u6f6uftuc_.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/SYSTEM32/psis80ex.ax/C:/WINDOWS/system32/mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/SYSTEM32/psis80ex.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050430105415.zip/WINDOWS/SYSTEM32/psis80ex.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050521154625.zip/Documents and Settings/Mark/Local Settings/Temp/Del8A.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050727123928.zip/Documents and Settings/Mark/local settings/temp/180sainstaller.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050727123928.zip/Documents and Settings/Mark/local settings/temp/180sainstaller.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20050727123928.zip/WINDOWS/tct101.dll -> Downloader.Dyfuca.eg : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\385 -> Spyware.Altnet : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\387 -> Adware.BrilliantDigital : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.RiskWare.Downloader.PopCap.a : Cleaned with backup


::Report End

Edited by Ardent, 30 December 2005 - 10:32 PM.


#25
Ardent

    Member

  • Topic Starter
  • Member
  • 153 posts
I ran Killbox but it doesn't seem to be doing anything. I selected delete at boot and then pushed the all files button. I assume that some files should appear in the drop-down menu under full path to delete (this is where I would put the c:\windows\systems32\dprsx.dll file, right?)
But nothing is happening... am I doing something wrong or is the program malfunctioning?

Thanks

Should I skip this and run CleanUp? I have XP Home Edition.

Edited by Ardent, 30 December 2005 - 10:43 PM.

#26
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Just finish the ewido log and give me the results along with the rootkit analysis again. Also, a HijackThis log. You are doing great. :tazz:

#27
Ardent

    Member

  • Topic Starter
  • Member
  • 153 posts
Hijack log
Logfile of HijackThis v1.99.1
Scan saved at 6:55:46 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\DynDNS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\hijakthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DynDNS Updater] "C:\WINDOWS\DynDNS.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab40641.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133192277095
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com...tiveXWebCam.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

#28
Ardent

    Member

  • Topic Starter
  • Member
  • 153 posts
Rootkit

C:\My Downloads\applications\rkfiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\SYSTEM32\AuthDVD.DLL: UPX!
C:\WINDOWS\SYSTEM32\B4FM.dll: UPX!
C:\WINDOWS\SYSTEM32\dprsx.dll: UPX!
C:\WINDOWS\SYSTEM32\fmod.dll: UPX!
C:\WINDOWS\SYSTEM32\DFRG.MSC: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\daemon.dll: UPX!
C:\WINDOWS\DynDNS.exe: UPX!
Finished
bye

#29
Ardent

    Member

  • Topic Starter
  • Member
  • 153 posts
Ewido log


Logfile of HijackThis v1.99.1
Scan saved at 6:55:46 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\DynDNS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\hijakthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DynDNS Updater] "C:\WINDOWS\DynDNS.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab40641.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1133192277095
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com...tiveXWebCam.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

#30
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
* Please go to Jotti's malware scan
* Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    o C:\WINDOWS\SYSTEM32\dprsx.dll
* Click on the submit button
* Please post the results in your next reply.