
Reginix86g



#16
bethany r.

  • Topic Starter
  • 43 posts
Incident Status Location

Adware:adware/savenow Not disinfected Windows Registry
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
Virus:Trj/Gaodrop.A Disinfected C:\My Downloads\kaspersky 7 0 0 120 full with crack[www.pirateuropa.com]\Setup.exe
Virus:Trj/Gaodrop.A Disinfected C:\My Downloads\kaspersky 7 0 0 120 full with crack[www.pirateuropa.com].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\My Downloads\Kaspersky Anti - Virus 6 0 0 299 pro + Key + Manual rar.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\My Downloads\Kaspersky Internet Security (v7 0 0 125) + KeyGen.zip[Setup.exe]
Virus:W32/SimpleP2P.A.worm Disinfected C:\My Downloads\Kaspersky Internet Security 6.0.1.411 crack(1)\Kaspersky Internet Security 6.0.1.411 crack.exe[run.exe]
Adware:Adware/Seekmo Not disinfected C:\My Downloads\Kaspersky Internet Security 6.0.1.411 crack(1)\Kaspersky Internet Security 6.0.1.411 crack.exe[zgo.exe]
Virus:W32/SimpleP2P.A.worm Disinfected C:\My Downloads\Kaspersky Internet Security 6.0.1.411 crack(1).zip[Kaspersky Internet Security 6.0.1.411 crack.exe][run.exe]
Adware:Adware/Seekmo Not disinfected C:\My Downloads\Kaspersky Internet Security 6.0.1.411 crack(1).zip[Kaspersky Internet Security 6.0.1.411 crack.exe][zgo.exe]
Virus:W32/SimpleP2P.A.worm Disinfected C:\My Downloads\Kaspersky Internet Security 6.0.1.411 crack.zip[Kaspersky Internet Security 6.0.1.411 crack.exe]
Virus:Trj/Gaodrop.A Disinfected C:\My Downloads\Kaspersky Internet Security 7.0.0.60 key and crack.zip[Setup.exe]
Adware:Adware/ActiveSearch Not disinfected C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\aidhakwk.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\apvhgenn.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\cijvwdjd.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\cnovkcdd.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\csvkrcdf.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\dpmdpmhx.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\fopsybsm.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\gmsmelsm.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\guwfjmga.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\ldfditah.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\ldplihtn.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\piwdhlvl.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\syykatci.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\ttdfpfbt.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\ujvchdtt.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\vblpkrmj.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\wlajirtv.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\xltukyao.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\xnjohlqn.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\ydfiuvph.dll.bad.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\VundoFix Backups\yyussoxs.dll.bad.vir
Adware:Adware/DigInk Not disinfected C:\QooBox\Quarantine\C\WINDOWS\rau001978.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\aurcgveb.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\kwjdaalt.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\qwjvoswn.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\tvjixwph.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx

Logfile of HijackThis v1.99.1
Scan saved at 10:23:08 PM, on 9/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\worm\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://phoenix.cox....i/internettools
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~2\BEARSH~1\MediaBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: My Essentials Wireless USB Utility.lnk = C:\Program Files\My Essentials\USB ME1001-USB\Wireless Utility\O-Maxwcui.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe


#17
bethany r.

  • Topic Starter
  • 43 posts
I deleted the files that it said were viruses... the spyware files that come up have to do with VundoFix?

Edited by bethany r., 19 September 2007 - 09:57 AM.


#18
racenutalways

  • Retired Staff
  • 1,675 posts
Did it get better, then suddenly run slowly? Are you able to run the Panda or Kaspersky online scanner?

Let's do a deep scan.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

#19
bethany r.

  • Topic Starter
  • 43 posts
WinPFind3 logfile created on: 9/20/2007 8:58:53 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

255.48 Mb Total Physical Memory | 146.65 Mb Available Physical Memory | 57.40% Memory free
618.70 Mb Paging File | 339.04 Mb Available in Paging File | 54.80% Paging File free
Paging file location(s): c:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 40.64 Gb Free Space | 70.97% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: WORMAXE-227YW34
Current User Name: Administrator
Logged in as Administrator.
Cannot determine boot mode.


[Processes - Non-Microsoft Only]
myspaceim.exe -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.716.0 | Size = 5562368 bytes | Modified Date = 8/13/2007 5:04:18 PM | Attr = ]
sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.0.38 | Size = 810576 bytes | Modified Date = 5/17/2007 12:02:18 PM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.23 | Size = 708176 bytes | Modified Date = 5/17/2007 12:02:22 PM | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.60 | Size = 1302272 bytes | Modified Date = 12/30/2003 6:27:20 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVP) Kaspersky Internet Security 7.0 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 218376 bytes | Modified Date = 6/28/2007 12:51:38 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Stopped] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 10:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.0.28 | Size = 503608 bytes | Modified Date = 9/5/2007 6:03:42 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Stopped] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -> File not found
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 1, 2 | Size = 69632 bytes | Modified Date = 3/14/2005 12:05:02 PM | Attr = ]
(sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.0.23 | Size = 708176 bytes | Modified Date = 5/17/2007 12:02:22 PM | Attr = ]
(sdCoreService) Spyware Doctor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.0.60 | Size = 1302272 bytes | Modified Date = 12/30/2003 6:27:20 PM | Attr = ]
(Venturi2) Venturi2 Client [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Venturi2\Client\VentC.exe -> Fourelle Systems, Inc [Ver = 1, 0, 0, 1 | Size = 868352 bytes | Modified Date = 7/18/2002 1:28:50 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 218376 bytes | Modified Date = 6/28/2007 12:51:38 PM | Attr = ]
BearShare -> %ProgramFiles%\BearShare\BearShare.exe -> MusicLab, LLC [Ver = 6.1.0.36802 | Size = 7820728 bytes | Modified Date = 8/22/2007 4:01:02 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 61.0.163.000 | Size = 49152 bytes | Modified Date = 12/15/2005 11:18:50 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.0.28 | Size = 267064 bytes | Modified Date = 9/5/2007 6:03:52 PM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
PinnacleDriverCheck -> %System32%\PSDrvCheck.exe -> [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 3/10/2004 4:26:10 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Avance Logic, Inc. [Ver = 5.0.07 | Size = 46592 bytes | Modified Date = 9/10/2002 7:57:20 PM | Attr = R ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 61.0.163.000 | Size = 282624 bytes | Modified Date = 12/15/2005 11:40:44 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll -> Kaspersky Lab [Ver = 7.0.0.125 | Size = 91400 bytes | Modified Date = 6/28/2007 12:51:42 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 9/11/2007 6:06:46 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://search.bearsh...ar.html?src=ssb ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> https://phoenix.cox....i/internettools ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{F6104497-54FD-4688-9162-5115CC8AB0FB} [HKLM] -> %ProgramFiles%\BearShare applications\BearShare MediaBar\MediaBar.dll [XBTP01621 Class] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 562872 bytes | Modified Date = 3/20/2007 8:27:48 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} [HKLM] -> %ProgramFiles%\BearShare applications\BearShare MediaBar\MediaBar.dll [BearShare MediaBar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 562872 bytes | Modified Date = 3/20/2007 8:27:48 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> Reg Data - Value does not exist [ButtonText: Web Anti-Virus statistics] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{11526D13-67A4-4C19-BCAA-A94A89210FCE} -> (My Essential G USB Adapter) ->
{1319C98A-86C6-4D40-B694-AFCD0609A811} -> (My Essential G USB Adapter) ->
{4D50F814-1391-4108-B489-FB32C8C351EC} -> (My Essential G USB Adapter) ->
{858B9A2D-3C12-4239-A893-A821BACB7D75} -> () ->
{89F2EA26-2F47-40BC-8A7E-335BE786D345} -> () ->
{DCAE2484-A04F-4CD8-AEF1-7F7D5ED9782E} -> () ->
{F2A3555F-9336-4B9F-AAF9-769EDC84FB4C} -> (1394 Net Adapter) ->
{F8E67DFA-E924-4C1E-97C2-176428D78B89} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries00000000001 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000002 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000003 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000004 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000005 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000006 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000007 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000008 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000009 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000010 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000011 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000012 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000013 -> vvlsp.dll -> File not found
Protocol_Catalog9\Catalog_Entries00000000019 -> vvlsp.dll -> File not found
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0000000A-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.micr...0367/wmavax.CAB ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204 ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.micr...922/wmv9VCM.CAB ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} -> DivXBrowserPlugin Object - CodeBase = http://go.divx.com/p...owserPlugin.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macr...ash/swflash.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
9C9.tmp -> %SystemDrive%\9C9.tmp -> [Ver = | Size = 210644992 bytes | Created Date = 9/9/2007 9:25:48 PM | Attr = ]
My Downloads -> %SystemDrive%\My Downloads -> [Folder | Created Date = 9/6/2007 5:53:41 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 9/7/2007 8:18:46 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 9/7/2007 8:18:46 PM | Attr = H ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 9/5/2007 10:55:42 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 9/7/2007 8:15:31 PM | Attr = ]
actskn45.ocx -> %System32%\actskn45.ocx -> SoftShape Development [Ver = 4, 50, 0, 0 | Size = 483328 bytes | Created Date = 9/11/2007 6:41:50 PM | Attr = ]
pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 129784 bytes | Created Date = 9/12/2007 11:57:41 PM | Attr = ]
pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 66296 bytes | Created Date = 9/12/2007 11:57:41 PM | Attr = ]
pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 120056 bytes | Created Date = 9/12/2007 11:57:41 PM | Attr = ]
pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.02.09a | Size = 518904 bytes | Created Date = 9/12/2007 11:57:41 PM | Attr = ]
pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 64760 bytes | Created Date = 9/12/2007 11:57:41 PM | Attr = ]
pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 118520 bytes | Created Date = 9/12/2007 11:57:41 PM | Attr = ]
pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 1628920 bytes | Created Date = 9/12/2007 11:57:41 PM | Attr = ]
cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 9336 bytes | Created Date = 9/12/2007 11:57:41 PM | Attr = ]
cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 9464 bytes | Created Date = 9/12/2007 11:57:41 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
9C9.tmp -> %SystemDrive%\9C9.tmp -> [Ver = | Size = 210644992 bytes | Modified Date = 9/9/2007 9:29:10 PM | Attr = ]
My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 9/18/2007 10:26:20 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 9/11/2007 6:43:04 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 9/18/2007 11:23:58 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 9/20/2007 7:27:22 PM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 9/18/2007 11:42:46 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 9/18/2007 9:45:30 PM | Attr = S]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 9/18/2007 9:52:34 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/26/2007 6:13:46 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 9/7/2007 8:18:38 PM | Attr = HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 9/12/2007 11:55:00 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 9/18/2007 11:52:44 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 9/7/2007 8:18:48 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 9/10/2007 9:49:44 PM | Attr = H ]
system32 -> %System32% -> [Folder | Modified Date = 9/18/2007 10:10:52 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 9/7/2007 8:15:32 PM | Attr = S]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 9/20/2007 7:47:46 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 858 bytes | Modified Date = 9/14/2007 10:04:46 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 9/7/2007 8:15:34 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 9/18/2007 11:42:46 PM | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 9/18/2007 10:01:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 9/11/2007 6:37:20 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 9/18/2007 10:02:20 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 8/26/2007 6:13:38 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 9/20/2007 7:28:10 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 9/18/2007 8:06:04 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 9/18/2007 8:06:02 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 9/18/2007 8:06:04 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 9/18/2007 10:10:36 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 9/18/2007 7:53:30 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 9/5/2007 10:53:30 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 2413856 bytes | Modified Date = 9/18/2007 11:52:56 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 33116 bytes | Modified Date = 9/17/2007 12:36:18 AM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 48928 bytes | Modified Date = 9/18/2007 11:49:36 PM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 5564 bytes | Modified Date = 9/17/2007 12:36:18 AM | Attr = HS]
klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 82061 bytes | Modified Date = 9/3/2007 6:01:24 PM | Attr = ]
klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 81549 bytes | Modified Date = 9/3/2007 6:01:26 PM | Attr = ]
hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 374 bytes | Modified Date = 9/18/2007 11:44:26 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
File scan skipped for file %SystemDrive%\9C9.tmp -> File size too big (210644992 bytes) ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 8/15/2007 3:30:56 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]

< End of report >

#20
racenutalways


    Member 1K

  • Retired Staff
  • 1,675 posts
P2P - I see you have P2P software (i.e. Bearshare) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Run OTMoveit and delete the following entries:

C:\WINDOWS\system32\9C9.tmp
C:\WINDOWS\system32\actskn45.ocx
C:\QooBox
C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~2\BEARSH~1\MediaBar.dll


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Click here to download AVG Anti Rootkit and save it to your desktop.

Double-click on the AVG Anti-Rootkit Free file to run it.
Click "I Agree" to agree to the EULA.
By default it will install to "G:\Program Files\GRISOFT\AVG Anti-Rootkit Beta".
Click "Next" to begin the installation then click "Install".
It will then ask you to reboot now to finish the installation.
Click "Finish" and your computer will reboot.
After it reboots, double-click on the AVG Anti-Rootkit shortcut that is now on your desktop.
Click on the "Perform in-depth search" button to begin the scan.
The scan will take a while so be patient and let it complete.
When the scan is finished, click the "Save result to file" button.
Save the scan results to your desktop then come back here to copy and paste the results in your next reply to this thread.

#21
bethany r.


    Member

  • Topic Starter
  • Member
  • 43 posts
I had nothing to save, it didn't find anything.

#22
racenutalways


    Member 1K

  • Retired Staff
  • 1,675 posts
Seeing that it's been a while since we have done scans, let me know exactly how the PC is behaving and re-run HijackThis and also ComboFix and post those results. And also a Panda Scan. But first clean out your temp folder and cookies by running ATF Cleaner.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you also use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you also use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Delete this folder C:/Qoobox and also the C:\My Downloads\kaspersky folder before you get re-infected again. Keygens are synonymous with the worst viruses on the planet; they are known to infect essential OS files. The only way to recover from those is to re-format, not always, but often.





