
DK64_MASTER

Anti-Spyware Brigade
  • Content Count

    3,716
  • Joined

  • Last visited

About DK64_MASTER

  • Rank
    Inflammable means flammable?
  • Birthday 02/07/1986

Contact Methods

  • AIM
    DK64MASTERCUBE
  • Website URL
    http://inst.eecs.berkeley.edu/~agill/
  • ICQ
    0
  • Yahoo
    DK64MASTER

Profile Information

  • Location
    San Jose, CA
  • Interests
    Basketball, cars, computers, videogames, DVD authoring.

Previous Fields

  1. \o/ Now maybe we can get the pitcrew back into the top 40 like we were 2 years ago! Great job Devan! Hopefully this will encourage others to support the pit, and we can once again come off as one of the elite 50!!
  2. Thank you so much!!! I already use spywareblaster, adaware, and Spybot Search and Destroy, but I will be sure to take a look at the other links.
  3. Ah, nevermind, it appears I was confused on what bitdefender and avg did. I did all what you told me to do. I disabled system restore, rebooted, and enabled it. Here's the final HJT log:
     Logfile of HijackThis v1.99.1
     Scan saved at 10:47:13 AM, on 4/5/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     [HijackThis scan entries omitted]
     I think the trusted zones were put in by Dial-a-fix. I hope everything looks clean!
  4. HJT log:
     Logfile of HijackThis v1.99.1
     Scan saved at 6:52:53 PM, on 4/4/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     [HijackThis scan entries omitted]
     So what about those quarantine files? I have 2 antiviruses installed (AVG and bitdefender), a bunch of other exes... I think we've beaten this bug.
  5. I have held back on installing the new version of java. I will get to it right now. Windows updates work fine if I go to the main site and click "custom". Also, should I delete the bitdefender quarantine files? EDIT: HOOOOOOOOORAAAAAAAAAAY!! Dial-a-fix solved the update problems!! Thanks so much!!!! Now all that's left is that weird dll. I will provide a new HJT log in a new post just for good measure.
  6. Killbox log:
     Pocket Killbox version 2.0.0.881
     Running on Windows XP as Amar(Administrator)
     was started @ Tuesday, April 03, 2007, 4:13 PM
     [Killbox session entries omitted]
     HJT:
     Logfile of HijackThis v1.99.1
     Scan saved at 5:39:16 PM, on 4/4/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     [HijackThis scan entries omitted]
     Recycler was already empty. It seems bitdefender has moved all those nasties somewhere to its quarantine place. Should I go empty the quarantine files? Also, the registry entry for nwlpri.dll is still there. I still cannot enable automatic updates.
  7. new bitdefender log:
     [BitDefender scan settings and quarantine file list omitted]
     The stuff in the recycler is pretty much benign, as they seemed to have come from quarantine. Alas, I forgot about nwlpri.dll. What should I do?
     EDIT: From this website (I can't read Chinese) http://72.14.253.104/search?q=cache:L7biq-...;cd=1&gl=us They reference the dll file, and its corresponding registry entry. I can confirm that my windows updates have been disabled, and I cannot enable them. I have found the registry key that they talk about in this post, but I won't remove it without someone else confirming it.
  8. Just an update to this topic: Most of the bugfixes have been done in the HJT topic here: http://forums.pcpitstop.com/index.php?showtopic=138386 I'm pretty sure I'm bug free (running 1 more scan). Big thanks to Jacee, Juliet, Wademan, and the whole PCPitstop Crew!
  9. Actually, FYI, the second regfix should be named fix2.reg, not fix.reg2. You may want to fix that in case someone else has this same problem. (I'm computer-savvy enough to recognize file extensions.) BitDefender is running (slowly); I will have the log up within the next few hours. I'm feeling very optimistic. I think I'll go into hiding too. Would a full format of its contents get rid of the viruses? (Don't worry, I won't format it on this computer, maybe a computer with Linux on it.)
  10. Well I wasn't for a while. I had to do some crazy view-source things, and copy and paste javascript URLs into the explorer bar. I got IE working now (I had a friend send me iexplore.exe, I hope doing that action wasn't illegal, but oh well). I will do the aforementioned things right now. It seems that most, if not all, of the pests are gone now. I will post back a bitdefender log in a few hours. (I am away from my computer now.) Thanks again, and look for my edit. I don't see this checked entry called security. I don't see a "temporary internet files" button. I see a cache tab, and an option to clear the cache. I did that. Or I could manually delete the cache. My "temp" folder is empty, which is good news. Instead of running cleanmgr, can I just run Stephen Gould's Cleanup? cleanmgr can be very slow at times. The reg fixes were successful. I will do the bitdefender scan soon.
  11. Sorry for the double post, but I seemed to have some CWS crap according to panda, should I try out the famous cool web shredder? -Thanks in advance.
  12. HJT:
     Logfile of HijackThis v1.99.1
     Scan saved at 6:45:03 PM, on 4/3/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     [HijackThis scan entries omitted]
     OT Log:
     File/Folder C:\DOCUMENTS AND SETTINGS\Amar\LOCAL SETTINGS\Temp\iexpl0re.exe not found.
     File/Folder C:\DOCUMENTS AND SETTINGS\Amar\LOCAL SETTINGS\Temp\crasos.exe not found.
     File/Folder C:\Program Files\SpyAxe\spyaxe.exe not found.
     File/Folder C:\\DOCUMENTS AND SETTINGS\Amar\LOCAL SETTINGS\Temp\Cn913.Exe not found.
     Created on 04/03/2007 18:42:56
     I had a SpyAxe infestation a year ago, but I think we fixed that. I remember using SmitFraudFix to clean up the mess.
     SmitFraudFix log:
     SmitFraudFix v2.162
     Scan done at 18:46:58.66, Tue 04/03/2007
     Run from C:\Documents and Settings\Amar\Desktop\SmitfraudFix\SmitfraudFix
     OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
     The filesystem type is NTFS
     Fix run in normal mode
     [SmitFraudFix scan sections omitted]
     Panda and AVG coming soon. Hopefully those tornadoes aren't too bad!
     Panda log:
     [Panda ActiveScan detection list omitted]
C:\Documents and Settings\Amar\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2898a363-423255d0.zip[NewSecurityClassLoader.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Amar\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-2898a363-423255d0.zip[NewURLClassLoader.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Amar\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-762b5a16-39623327.zip[Matrix.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Amar\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-762b5a16-39623327.zip[Counter.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Amar\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-762b5a16-39623327.zip[Dummy.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Amar\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv599.jar-762b5a16-39623327.zip[Parser.class] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Amar\Cookies\[email protected][1].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Amar\Desktop\SDFix.exe[sDFix\apps\Process.exe] Virus:Trj/Lineage.DAR Disinfected C:\QooBox\Quarantine\07-04-03\WINDOWS\system32\cmdbcs.dll.vir Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Seems like most of the stuff is byte verifies which I've had before. Cool Web Search stuff annoys me but that's definitely fixable, and the other stuff in quarantine, and false positives, which you've mentioned processor.exe is one. 
FINALLY AVG REPORT:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:42:06 PM 4/3/2007
+ Scan result:
C:\Documents and Settings\Amar\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Amar\Cookies\[email protected][2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Amar\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Amar\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP257\A0018282.exe -> Trojan.OnLineGames.lc : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP257\A0018319.exe -> Trojan.OnLineGames.lc : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP257\A0019339.exe -> Trojan.OnLineGames.lc : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0022349.exe -> Trojan.OnLineGames.lc : Cleaned.
::Report end
  13. Panda log and AVG log are coming up in the next 1-4 hours. It takes a long time to scan my system. :/ I'm doing Panda first, just giving you a heads up. And it has found a lot of stuff. Once again, thanks for all your help. I hope I can return the favor like I used to before I got busy.
  14. This is before the Panda active scan, but DC++ is a popular peer-to-peer network that is spyware-free (it's distributed on SourceForge as open source software). And I use it for legal purposes only. See here: http://dcplusplus.sourceforge.net/ Is this file infected, or just suspicious? I can remove it by just uninstalling it...
  15. Scanned that file: AntiVir Found TR/Delphi.Downloader.Gen ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found BehavesLike:Trojan.WUDisable (probable variant) ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing Bad!! Currently running the other scans (look for my edit) OT LOG (Before restart) File/Folder C:\DOCUME~1\Amar\LOCALS~1\Temp\crasos.exe not found. Folder move failed. C:\SDFix\backups\HOSTS scheduled to be moved on reboot. C:\SDFix\backups moved successfully. Created on 04/03/2007 17:31:54 Combofix Log: "Amar" - 07-04-03 17:33:30 Service Pack 2 ComboFix 07-04-04 - Running from: "C:\Documents and Settings\Amar\Desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\foxitreader\gmzavhen.dll C:\Program Files\foxitreader\wlpxwice.dll C:\Program Files\foxitreader\zdgvmjau.dll C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\wftbvaxz.dll C:\Program Files\Intel\Wireless\Bin\ejunjgdp.dll C:\Program Files\Internet Explorer\xiodqlzt.dll C:\Program Files\X-Chat 2\phpglqwj.dll C:\WINDOWS\DOWNLO~1.\Quarantine\ppqdb.dat C:\WINDOWS\DOWNLO~1.\Quarantine\ppqsdb.dat C:\WINDOWS\system32\cmdbcs.dll C:\WINDOWS\DOWNLO~1.\Quarantine ((((((((((((((((((((((((((((((( Files Created from 2007-03-03 to 2007-04-03 )))))))))))))))))))))))))))))))))) 2007-04-03 16:55 <DIR> d-------- C:\WINDOWS\LastGood 2007-04-03 16:13 <DIR> d-------- C:\!KillBox 2007-04-03 16:03 <DIR> drahs---- C:\autorun.inf 2007-04-03 09:44 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-04-03 09:35 <DIR> d-------- C:\HJT2 2007-04-03 02:36 <DIR> d-------- C:\startups 2007-04-03 02:35 <DIR> d-------- C:\HJT 2007-04-03 
01:28 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DoctorWeb 2007-04-03 01:07 <DIR> d-------- C:\DOCUME~1\Amar\DoctorWeb 2007-04-03 00:26 <DIR> d-------- C:\sysclean 2007-04-02 23:30 307 --a------ C:\WINDOWS\system32\permil.dll 2007-03-30 00:11 <DIR> d-------- C:\Program Files\PokerStars 2007-03-29 12:37 <DIR> d-------- C:\Program Files\Teamspeak2_RC2 2007-03-28 15:36 <DIR> d-------- C:\DOCUME~1\Amar\APPLIC~1\teamspeak2 2007-03-24 15:30 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys 2007-03-24 15:30 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-03-24 15:30 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-03-07 22:49 <DIR> d-------- C:\Program Files\Microsoft.NET 2007-03-07 22:45 <DIR> dr-h----- C:\MSOCache (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-03 17:36 -------- d-------- C:\Program Files\x-chat 2 2007-04-03 17:36 -------- d-------- C:\Program Files\foxitreader 2007-04-03 11:44 -------- d-------- C:\DOCUME~1\Amar\APPLIC~1\x-chat 2 2007-04-03 11:44 -------- d-------- C:\DOCUME~1\Amar\APPLIC~1\utorrent 2007-04-03 01:47 -------- d-------- C:\Program Files\[email protected] 2007-03-17 23:52 -------- d-------- C:\Program Files\spywareblaster 2007-03-07 23:35 45992 --a------ C:\DOCUME~1\Amar\APPLIC~1\gdipfontcachev1.dat (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk" "backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check" "item"="America Online 9.0 Tray Icon" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digital Line Detect.lnk" "backup"="C:\\WINDOWS\\pss\\Digital Line Detect.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\DIGITA~1\\DLG.exe " "item"="Digital Line Detect" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk" "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l" 
"item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk" "backup"="C:\\WINDOWS\\pss\\QuickBooks Update Agent.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Intuit\\QUICKB~1\\QBUpdate\\qbupdate.exe " "item"="QuickBooks Update Agent" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Amar^Start Menu^Programs^Startup^BitTorrent.lnk] "path"="C:\\Documents and Settings\\Amar\\Start Menu\\Programs\\Startup\\BitTorrent.lnk" "backup"="C:\\WINDOWS\\pss\\BitTorrent.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\BITTOR~1\\BITTOR~1.EXE " "item"="BitTorrent" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Amar^Start Menu^Programs^Startup^Konfabulator.lnk] "path"="C:\\Documents and Settings\\Amar\\Start Menu\\Programs\\Startup\\Konfabulator.lnk" "backup"="C:\\WINDOWS\\pss\\Konfabulator.lnkStartup" "location"="Startup" "command"="C:\\Program Files\\Pixoria\\Konfabulator\\Konfabulator.exe " "item"="Konfabulator" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Amar^Start Menu^Programs^Startup^Stardock ObjectDock.lnk] "path"="C:\\Documents and Settings\\Amar\\Start Menu\\Programs\\Startup\\Stardock ObjectDock.lnk" "backup"="C:\\WINDOWS\\pss\\Stardock ObjectDock.lnkStartup" "location"="Startup" "command"="C:\\WINDOWS\\BRICOP~1\\VISTAI~1\\OBJECT~1\\OBJECT~1.EXE " "item"="Stardock ObjectDock" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Amar^Start Menu^Programs^Startup^Y'z ToolBar.lnk] "path"="C:\\Documents and Settings\\Amar\\Start Menu\\Programs\\Startup\\Y'z ToolBar.lnk" 
"backup"="C:\\WINDOWS\\pss\\Y'z ToolBar.lnkStartup" "location"="Startup" "command"="C:\\WINDOWS\\BRICOP~1\\VISTAI~1\\YZTOOL~1\\YZTOOL~1.EXE " "item"="Y'z ToolBar" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="aim" "hkey"="HKCU" "command"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM ®] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="aim" "hkey"="HKCU" "command"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="bldbubg" "hkey"="HKLM" "command"="c:\\dell\\bldbubg.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="200619132740_mcappins" "hkey"="HKLM" "command"="C:\\DOCUME~1\\Amar\\LOCALS~1\\Temp\\200619132740_mcappins.exe /v=3 /cleanup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="daemon" "hkey"="HKLM" "command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="daemon" "hkey"="HKLM" "command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="DSAgnt" "hkey"="HKCU" "command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="tfswctrl" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DMXLauncher" "hkey"="HKLM" "command"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DVDLauncher" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C60 Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="E_A10IC2" "hkey"="HKCU" "command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_A10IC2.EXE /P23 \"EPSON Stylus C60 Series\" /O6 \"USB001\" /M \"Stylus C60\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hkcmd" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\hkcmd.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hkcmd" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\hkcmd.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="igfxpers" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\igfxpers.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\IgfxTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="igfxtray" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\igfxtray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ifrmewrk" "hkey"="HKLM" "command"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ZCfgSvc" "hkey"="HKLM" "command"="C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ISUSPM" "hkey"="HKLM" "command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="issch" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dumprep 0 -k" "hkey"="HKLM" "command"="%systemroot%\\system32\\dumprep 0 -k" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kkwgigik] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iexpl0re" "hkey"="HKCU" "command"="C:\\DOCUME~1\\Amar\\LOCALS~1\\Temp\\iexpl0re.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="McAgent" "hkey"="HKLM" 
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mcupdate" "hkey"="HKLM" "command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mmtask" "hkey"="HKLM" "command"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mm_tray" "hkey"="HKLM" "command"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ICO" "hkey"="HKLM" "command"="ICO.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MpfTray" "hkey"="HKLM" "command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="200619132734_mcinfo" "hkey"="HKLM" "command"="C:\\DOCUME~1\\Amar\\LOCALS~1\\Temp\\200619132734_mcinfo.exe /insfin" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="oasclnt" "hkey"="HKLM" "command"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QBReminder" 
"hkey"="HKLM" "command"="\"C:\\Program Files\\Intuit\\QuickBooks 2005\\Atom\\QBReminder.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RealPlay" "hkey"="HKLM" "command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rqs6xq2c] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="crasos" "hkey"="HKCU" "command"="C:\\DOCUME~1\\Amar\\LOCALS~1\\Temp\\crasos.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyAxe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="spyaxe" "hkey"="HKLM" "command"="C:\\Program Files\\SpyAxe\\spyaxe.exe /h" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="C:\\Program Files\\Java\\j2re1.4.2_08\\bin\\jusched.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SynTPEnh" "hkey"="HKLM" "command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SynTPLpr" "hkey"="HKLM" "command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UnlockerAssistant" "hkey"="HKLM" "command"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeUpdateManager" "hkey"="HKCU" "command"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_7" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Cn913" "hkey"="HKLM" "command"="C:\\DOCUME~1\\Amar\\LOCALS~1\\Temp\\Cn913.Exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mcvsshld" "hkey"="HKLM" "command"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mcmnhdlr" "hkey"="HKLM" "command"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{E272C1EF-275E-4733-FF5E-13455234524F}"="nwlpri.dll" "{05397E9D-30D1-4216-AACB-F9EA1F1E4E85}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" "{F9380104-ED78-482b-AA88-714D773131C4}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoDispAppearancePage"=dword:00000000 "NoColorChoice"=dword:00000000 "NoSizeChoice"=dword:00000000 "NoDispBackgroundPage"=dword:00000000 "NoDispScrSavPage"=dword:00000000 "NoDispCPL"=dword:00000000 "NoVisualStyleChoice"=dword:00000000 "NoDispSettingsPage"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=dword:00000001 "AllowUnhashedWebView"=dword:00000001 "NoCDBurning"=dword:00000000 "NoActiveDesktopChanges"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSaveSettings"=dword:00000000 "NoThemesTab"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E] Shell\adobe\command E:\goodies\ar405eng.exe Shell\AutoRun\command E:\aocsetup.exe /autorun Shell\log\command E:\goodies\machine\machine.exe -l Shell\machine\command 
E:\goodies\machine\machine.exe Shell\setup\command E:\aocsetup.exe /autorun Shell\zone\command E:\goodies\mszone\zonea660.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1163416-edd8-11d9-81cd-0012f0aa89ca}] Shell\Auto\command F:\0wen0.exe Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 0wen0.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bafe9f3c-873b-11db-82b5-0012f0aa89ca}] Shell\AutoRun\command E:\podcastready.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef4f2881-9006-11db-82bb-0012f0aa89ca}] Shell\adobe\command E:\goodies\ar405eng.exe Shell\AutoRun\command E:\aocsetup.exe /autorun Shell\log\command E:\goodies\machine\machine.exe -l Shell\machine\command E:\goodies\machine\machine.exe Shell\setup\command E:\aocsetup.exe /autorun Shell\zone\command E:\goodies\mszone\zonea660.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6fade12-4ac3-11db-8299-0012f0aa89ca}] Shell\AutoRun\command F:\LaunchU3.exe ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070403-172934-917 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 backup-20070403-172934-697 O4 - HKCU\..\Run: [j4tbvw] C:\DOCUME~1\Amar\LOCALS~1\Temp\crasos.exe ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-03 17:37:45 C:\ComboFix-quarantined-files.txt ... 07-04-03 17:37