Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Resolved HJT Threads: resolved spyware and popup issues.

Old 03-24-2007, 08:15 AM   #41 (permalink)
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team)
Join Date: Jan 2005
Location: Ohio
Posts: 19,747
OS: WinXP and Vista

Re: Hjt Log

Hiya,

No, based on what I see in this last scan, I'd like you to scan with the following tool:

Please download SREng.

**You may receive a message "The bandwidth limit for this site has been exceeded", please keep trying--eventually you'll get through.

1. Extract it to Desktop & double click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply. Don't post it.

You may have to rename SREngLOG.log to SREngLOG.txt to upload it.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 03-24-2007, 10:34 AM   #42 (permalink)
hookem085 (Registered User)
Join Date: Dec 2004
Location: Austin TX
Posts: 164
OS: Vista

Re: Hjt Log

When I do this ("Please download SREng"), what do I click on, Local Download 1 or Local Download 2?

Also, I stopped the Panda scan; it was taking hours.

But here is the report I got:

Incident Status Location

Adware:adware/virtualbouncer Not disinfected c:\winnt\system32\INNERADINSTALL.LOG
Adware:adware/ipinsight Not disinfected c:\winnt\inf\polall1r.inf
Adware:adware/delfinmedia Not disinfected c:\keys.ini
Potentially unwanted tool:application/bestoffer Not disinfected c:\winnt\smdat32m.sys
Spyware:spyware/media-motor Not disinfected c:\winnt\ubber60.ini
Spyware:spyware/aveo-attune Not disinfected c:\program files\Aveo
Spyware:spyware/safesurf Not disinfected Windows Registry
Adware:adware/prositefinder Not disinfected Windows Registry
Adware:adware/rxtoolbar Not disinfected Windows Registry
Adware:adware/transponder Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\classes\ADM.ADM
Adware:adware/zango Not disinfected Windows Registry
Adware:adware/instafinder Not disinfected Windows Registry
Adware:adware/mirar Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/adrotator Not disinfected Windows Registry
Adware:adware/blazefind Not disinfected Windows Registry
Adware:adware/popupsearches Not disinfected Windows Registry
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\All Users\Documents\backups\backup-20050116-135255-650.dll
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Jacob\Application Data\Install.dat
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@adrevolver[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@fastclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@media.fastclick[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@zedo[1].txt
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Jacob\Local Settings\Temp\ExtractDLL.dll
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Jacob\Local Settings\Temp\qms3.tmp
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Jacob\Local Settings\Temp\qms93.tmp
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mary Kay\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mary Kay\Desktop\SmitfraudFix\Process.exe
Spyware:Spyware/New.net Not disinfected C:\RECYCLER\S-1-5-21-1292428093-1993962763-854245398-500\Dc4.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\COOKIES\jacob@offeroptimizer[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\COOKIES\jacob@offeroptimizer[2].txt
Spyware:Cookie/MyWay Not disinfected C:\WINDOWS\COOKIES\jacob@www.xzoomy[1].txt
Spyware:Cookie/MyWay Not disinfected C:\WINDOWS\COOKIES\jacob@www.xzoomy[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\COOKIES\katierose@rn11[1].txt
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\SYSTEM\lwr2.dll
Adware:Adware/nCase Not disinfected C:\WINDOWS\SYSTEM\ncase.dll
Adware:Adware/nCase Not disinfected C:\WINDOWS\SYSTEM\ncase2.dll

Last edited by hookem085 : 03-24-2007 at 10:38 AM.
Old 03-24-2007, 01:45 PM   #43 (permalink)
hookem085 (Registered User)
Join Date: Dec 2004
Location: Austin TX
Posts: 164
OS: Vista

Re: Hjt Log

I clicked on Local Download 1; hope it was the right button. Attached is the log.
Attached Files
File Type: txt SREngLOG.txt (32.4 KB, 1 views)

Last edited by hookem085 : 03-24-2007 at 01:48 PM.
Old 03-24-2007, 08:33 PM   #44 (permalink)
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team)
Join Date: Jan 2005
Location: Ohio
Posts: 19,747
OS: WinXP and Vista

Re: Hjt Log

Hi,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's important to carry out all the instructions in the sequence listed below.

***************************************************

Download Pocket Killbox to your desktop. We'll use this shortly.

------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Launch KillBox.exe & select the following options:
  • Delete on Reboot
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy:

c:\winnt\system32\INNERADINSTALL.LOG
c:\winnt\inf\polall1r.inf
c:\keys.ini
c:\winnt\smdat32m.sys
c:\winnt\ubber60.ini
C:\Documents and Settings\Jacob\Application Data\Install.dat
C:\WINDOWS\SYSTEM\lwr2.dll
C:\WINDOWS\SYSTEM\ncase.dll
C:\WINDOWS\SYSTEM\ncase2.dll
C:\Documents and Settings\Jacob\Local Settings\Temp\ExtractDLL.dll
C:\Documents and Settings\Jacob\Local Settings\Temp\qms93.tmp


* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* KillBox will alert you the files will be deleted on next reboot, click Yes
* When asked to Reboot, select NO

--------------------------------------------------------------------


Run SDFix:

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt. I'll need that in your next reply.
--------------------------------------------------------------------

You should now be in Normal Mode.

--------------------------------------------------------------------

Run another online scan at Panda and save the results.

--------------------------------------------------------------------

Run a new scan with ComboScan.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\SDFix\Report.txt
Panda results
New ComboScan.txt

Last edited by Ried : 03-24-2007 at 09:18 PM.
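
The Panda ActiveScan report in post #42 and the file list Ried built from it in post #44 are the same data seen twice: the analyst picked the on-disk paths out of the report and left the registry-only hits, the tracking cookies and the detections inside archives for other steps. The Python script below is an added example, not part of this thread and not code from Panda, Killbox or SDFix. It parses report lines of that "Category:Name Status Location" shape and buckets each hit by where it lives; the sample lines are a constructed subset copied from the post, and the location classes ("registry", "cookie", "archive-member", "file") are this example's own labels. The file-candidate list it produces is a starting point for analyst review, not the exact list Ried chose.

```python
import re
from collections import Counter

# Constructed sample: a subset of the Panda ActiveScan report posted in this
# thread, one "Category:Name Status Location" record per line.
PANDA_REPORT = r"""
Incident Status Location

Adware:adware/virtualbouncer Not disinfected c:\winnt\system32\INNERADINSTALL.LOG
Adware:adware/ipinsight Not disinfected c:\winnt\inf\polall1r.inf
Potentially unwanted tool:application/bestoffer Not disinfected c:\winnt\smdat32m.sys
Spyware:spyware/aveo-attune Not disinfected c:\program files\Aveo
Spyware:spyware/safesurf Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\classes\ADM.ADM
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Jacob\Application Data\Install.dat
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@doubleclick[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@atdmt[2].txt
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Jacob\Local Settings\Temp\qms93.tmp
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mary Kay\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Adware:Adware/nCase Not disinfected C:\WINDOWS\SYSTEM\ncase.dll
"""

# One record: category (may contain spaces), a colon, the detection name (may
# also contain spaces, e.g. "Cookie/Atlas DMT"), the status, then the location,
# which may itself contain spaces, colons and brackets.
RECORD_RE = re.compile(
    r"^(?P<kind>[^:]+):(?P<name>.+?)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+"
    r"(?P<location>.+?)\s*$"
)


def classify_location(location):
    """Bucket a reported location by the kind of remediation it implies."""
    loc = location.lower()
    if loc == "windows registry" or loc.startswith("hkey_"):
        return "registry"        # needs a registry fix, not a file deletion
    if "\\cookies\\" in loc:
        return "cookie"          # tracking cookie: cleared from the browser
    if "[" in loc and loc.endswith("]"):
        return "archive-member"  # hit inside a container (cab / bundled exe)
    return "file"                # on-disk file or folder path


def parse_report(text):
    """Turn report text into a list of dicts; header and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["location_type"] = classify_location(rec["location"])
        findings.append(rec)
    return findings


def summarize(findings):
    """Counts by Panda category and by location class, for a quick overview."""
    return {
        "by_kind": Counter(f["kind"] for f in findings),
        "by_location": Counter(f["location_type"] for f in findings),
    }


def file_candidates(findings):
    """On-disk paths still reported as not disinfected, in report order and
    de-duplicated: the list an analyst reviews before choosing what to delete."""
    seen = []
    for f in findings:
        if f["location_type"] == "file" and f["status"] == "Not disinfected":
            if f["location"] not in seen:
                seen.append(f["location"])
    return seen


if __name__ == "__main__":
    found = parse_report(PANDA_REPORT)
    print(summarize(found))
    for path in file_candidates(found):
        print(path)
```

Two things the script makes visible that the raw report hides. First, a detection name can contain a space ("Cookie/Atlas DMT"), so the parser splits on the status token rather than on whitespace. Second, the "Application/Processor" hit on C:\SDFix\apps\Process.exe lands in the file bucket although the same report shows that file shipped inside SDFix.exe itself, which is why a script can only propose candidates and the analyst still decides, exactly as Ried did when leaving it off the Killbox list.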
Old 03-25-2007, 10:38 AM   #45 (permalink)
hookem085 (Registered User)
Join Date: Dec 2004
Location: Austin TX
Posts: 164
OS: Vista

Re: Hjt Log

How is your system behaving now?

Just the same as before, and where there are supposed to be pictures there is a blank box with the red and blue dot box next to it. (I don't know what to call that.)
And in order to get online I click on "internet"; nothing happens at first except the hourglass, then I click on it again and it opens up, but very slowly.


ComboScan v20070306.20 run by Mary Kay on 2007-03-25 at 11:36:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mary Kay.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:36:32 AM, on 3/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\notepad.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\DOCUME~1\MARYKA~1\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mary Kay\Desktop\comboscan.exe
C:\DOCUME~1\MARYKA~1\Desktop\COMPUT~1\MARYKA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\MARYKA~1\LOCALS~1\Temp\winlogon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...reeInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151346326632
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128440500009
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://mhost236.theintelligentnetwork.com/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)


-- Files created between 2007-02-25 and 2007-03-25 -----------------------------



-- Find3M Report ---------------------------------------------------------------

2007-03-25 11:27:43 0 d-------- C:\Documents and Settings\Mary Kay\Application Data\AdobeUM
2007-03-25 01:08:28 1632 --a------ C:\WINNT\system32\d3d8caps.dat
2007-03-24 10:36:00 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-24 10:24:40 0 dr------- C:\Program Files\Messenger<MESSEN~1>
2007-03-24 10:21:47 0 d-------- C:\Program Files\iTunes
2007-03-24 10:18:21 0 d-------- C:\Program Files\Google
2007-03-24 10:08:49 0 d-------- C:\Program Files\AIM
2007-03-24 08:21:40 0 d-------- C:\Documents and Settings\Mary Kay\Application Data\AVG7
2007-03-23 14:53:08 2174 --a------ C:\WINNT\system32\tmp.reg
2007-03-19 07:22:05 0 d-------- C:\Program Files\Grisoft
2007-03-18 13:22:09 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub<MICROS~7>
2007-01-29 03:58:06 60416 -----n--- C:\WINNT\system32\tzchange.exe
2006-12-27 05:00:10 12288550 -----n--- C:\AVG7QT.DAT


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"ctfmon.exe"="C:\\WINNT\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Firewall auto setup"="C:\\DOCUME~1\\MARYKA~1\\LOCALS~1\\Temp\\winlogon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of ComboScan: finished at 2007-03-25 at 11:37:08 ------------------------

-----------------------------------------------------------------------


SDFix: Version 1.74

Run by Administrator - Sun 03/25/2007 - 11:09:38.74

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




ADS Check:

C:\WINNT\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"C:\\Program Files\\Real\\RealPlayer\\trueplay.exe"="C:\\Program Files\\Real\\RealPlayer\\trueplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Documents and Settings\\Mary Kay\\Local Settings\\Temp\\s1n8.1.exe"="C:\\Documents and Settings\\Mary Kay\\Local Settings\\Temp\\s1n8.1.exe:*:Enabled:enable"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Documents and Settings\\Mary Kay\\Local Settings\\Temp\\winlogon.exe"="C:\\Documents and Settings\\Mary Kay\\Local Settings\\Temp\\winlogon.exe:*:Enabled:winlogon"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------


Checking For Files with Hidden Attributes :

C:\CHOICE.COM
C:\command.com
C:\Program Files\Uninstall Information\IE40.Comctl32\AINF0000
C:\Program Files\Accessories\MSPCX32.DLL
C:\Program Files\Accessories\HyperTerminal\HTICONS.DLL
C:\Program Files\Accessories\HyperTerminal\HYPERTRM.DLL
C:\Program Files\Uninstall Information\mshtml.DllReg\AINF0000
C:\ZZ.EXE
C:\LOGO.SYS
C:\WINDOWS\COMMAND\EBD\winboot.sys
C:\WINNT\system32\config\default.tmp.LOG
C:\WINNT\system32\config\software.tmp.LOG
C:\WINNT\system32\config\system.tmp.LOG

Finished



-----------------------------------------------------------------------

Just now starting the Panda scan; will get that to ya whenever it finishes.
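
Two details in the logs posted above carry the whole story: the running-process list and the HKCU Run key both show winlogon.exe launching from the user's Temp folder (under the Run name "Firewall auto setup"), and the SDFix export of the XP firewall's AuthorizedApplications list shows that same Temp executable, plus Temp\s1n8.1.exe, registered as enabled firewall exceptions. The Python script below is an added example, not code from the thread, from HijackThis or from SDFix. It reads a HijackThis log excerpt and a firewall-policy registry export and flags every process, autorun and enabled exception that either runs from a Temp directory or reuses a Windows system binary name outside System32. The sample text is constructed from the post; the set of system binary names and the two heuristics are this example's own assumptions.

```python
import re

# Constructed sample: excerpts from the HijackThis log posted in this thread.
HJT_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\DOCUME~1\MARYKA~1\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\MARYKA~1\LOCALS~1\Temp\winlogon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
"""

# Constructed sample: excerpt from the SDFix "Authorized Application Key Export".
FIREWALL_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Documents and Settings\\Mary Kay\\Local Settings\\Temp\\s1n8.1.exe"="C:\\Documents and Settings\\Mary Kay\\Local Settings\\Temp\\s1n8.1.exe:*:Enabled:enable"
"C:\\Documents and Settings\\Mary Kay\\Local Settings\\Temp\\winlogon.exe"="C:\\Documents and Settings\\Mary Kay\\Local Settings\\Temp\\winlogon.exe:*:Enabled:winlogon"
"""

# HijackThis O4 lines: Run-key entries "[name] command" and Global Startup shortcuts.
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# The executable is either the quoted first token or everything up to the first ".exe".
EXE_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.exe))', re.IGNORECASE)
# One .reg-style value line: "path"="path:*:Enabled:label" (backslashes doubled).
FW_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')

# Assumption of this example: binaries expected only under System32.
SYSTEM32_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                     "lsass.exe", "svchost.exe", "spoolsv.exe"}


def parse_processes(text):
    """Paths listed under 'Running processes:' up to the next blank line."""
    procs, collecting = [], False
    for line in text.splitlines():
        if line.strip() == "Running processes:":
            collecting = True
            continue
        if collecting:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def executable_of(command):
    """Extract the program path from an O4 command line, quoted or not."""
    m = EXE_RE.match(command.strip())
    if not m:
        return None
    return m.group("quoted") or m.group("bare")


def parse_autoruns(text):
    entries = []
    for line in text.splitlines():
        m = STARTUP_RE.match(line) or RUN_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if exe:
                entries.append({"name": m.group("name"), "exe": exe})
    return entries


def parse_firewall_exceptions(text):
    exceptions = []
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if not m:
            continue
        path = m.group("key").replace("\\\\", "\\")      # undo .reg escaping
        _, state, label = m.group("value").rsplit(":", 2)  # "...exe:*" / state / label
        exceptions.append({"exe": path, "enabled": state.lower() == "enabled",
                           "label": label})
    return exceptions


def suspicious_reasons(path):
    """Heuristics of this example: Temp-resident binaries and system-name lookalikes."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    reasons = []
    if "\\temp\\" in p:
        reasons.append("executable lives in a Temp directory")
    if base in SYSTEM32_BINARIES and "\\system32\\" not in p:
        reasons.append(f"{base} is a system binary name but is not under System32")
    return reasons


def triage(hjt_text, firewall_text):
    """Flag processes, autoruns and enabled firewall exceptions that trip a heuristic."""
    sources = (
        [("process", p) for p in parse_processes(hjt_text)]
        + [("autorun:" + e["name"], e["exe"]) for e in parse_autoruns(hjt_text)]
        + [("firewall-exception", e["exe"])
           for e in parse_firewall_exceptions(firewall_text) if e["enabled"]]
    )
    return [{"source": src, "path": path, "reasons": suspicious_reasons(path)}
            for src, path in sources if suspicious_reasons(path)]


if __name__ == "__main__":
    for hit in triage(HJT_LOG, FIREWALL_EXPORT):
        print(hit["source"], hit["path"], "; ".join(hit["reasons"]))
```

The same Temp\winlogon.exe surfaces three times, once per data source, which is the point of correlating the process list, the Run keys and the firewall exception list rather than reading any one of them alone: an autorun that also punches its own hole in the host firewall is a stronger signal than either fact by itself. The unquoted path with spaces in the WorksFUD entry shows why the executable is cut at the first ".exe" instead of at the first space.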
Old 03-25-2007, 01:32 PM   #46 (permalink)
hookem085 (Registered User)
Join Date: Dec 2004
Location: Austin TX
Posts: 164
OS: Vista

Re: Hjt Log

3 hrs later and Panda is still scanning. I am going off to my son's lacrosse game. Should be back in 3 hrs; hopefully it will be done then.
Old 03-25-2007, 04:46 PM   #47 (permalink)
hookem085 (Registered User)
Join Date: Dec 2004
Location: Austin TX
Posts: 164
OS: Vista

Re: Hjt Log

Panda scan:


Incident Status Location

Spyware:spyware/aveo-attune Not disinfected c:\program files\Aveo
Spyware:spyware/safesurf Not disinfected Windows Registry
Adware:adware/prositefinder Not disinfected Windows Registry
Adware:adware/rxtoolbar Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/transponder Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\classes\ADM.ADM
Adware:adware/zango Not disinfected Windows Registry
Adware:adware/instafinder Not disinfected Windows Registry
Adware:adware/mirar Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/blazefind Not disinfected Windows Registry
Adware:adware/popupsearches Not disinfected Windows Registry
Adware:Adware/Exact.BargainBuddy Not disinfected C:\!KillBox\lwr2.dll
Adware:Adware/Exact.BargainBuddy Not disinfected C:\!KillBox\lwr2.dll ( 5)
Adware:Adware/nCase Not disinfected C:\!KillBox\ncase.dll
Adware:Adware/nCase Not disinfected C:\!KillBox\ncase.dll ( 6)
Adware:Adware/nCase Not disinfected C:\!KillBox\ncase2.dll
Adware:Adware/nCase Not disinfected C:\!KillBox\ncase2.dll( 7)
Adware:Adware/Transponder Not disinfected C:\!KillBox\polall1r.inf
Adware:Adware/Transponder Not disinfected C:\!KillBox\polall1r.inf( 1)
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\All Users\Documents\backups\backup-20050116-135255-650.dll
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Glenn\Cookies\glenn@advertising[1].txt
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Jacob\Application Data\Install.dat
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@adrevolver[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@atwola[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@mediaplex[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@realmedia[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@tribalfusion[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jacob\Cookies\jacob@zedo[1].txt
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Jacob\Local Settings\Temp\ExtractDLL.dll
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Jacob\Local Settings\Temp\qms3.tmp
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Jacob\Local Settings\Temp\qms93.tmp
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mary Kay\Cookies\mary kay@atwola[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mary Kay\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mary Kay\Desktop\SmitfraudFix\Process.exe
Spyware:Spyware/New.net Not disinfected C:\RECYCLER\S-1-5-21-1292428093-1993962763-854245398-500\Dc4.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\COOKIES\jacob@offeroptimizer[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\COOKIES\jacob@offeroptimizer[2].txt
Spyware:Cookie/MyWay Not disinfected C:\WINDOWS\COOKIES\jacob@www.xzoomy[1].txt
Spyware:Cookie/MyWay Not disinfected C:\WINDOWS\COOKIES\jacob@www.xzoomy[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\COOKIES\katierose@rn11[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\WINNT\system32\Process.exe
Adware:Adware/WebSearch Not disinfected C:\_RESTORE\ARCHIVE\FS4673.CAB[W0064919.CPY]
Adware:Adware/WinTools Not disinfected C:\_RESTORE\ARCHIVE\FS8467.CAB[W0010991.CPY]
Adware:Adware/WinTools Not disinfected C:\_RESTORE\ARCHIVE\FS8491.CAB[W0014911.CPY]
Adware:Adware/TVMedia Not disinfected C:\_RESTORE\ARCHIVE\FS8523.CAB[W0023259.CPY]
Adware:Adware/TVMedia Not disinfected C:\_RESTORE\ARCHIVE\FS8523.CAB[W0023261.CPY]
Adware:Adware/Exact.SearchBar Not disinfected C:\_RESTORE\TEMP\A0029669.CPY
Adware:Adware/SideSearch Not disinfected C:\_RESTORE\TEMP\A0029784.CPY[²κΗ.dll]
Spyware:Spyware/ClearSearch Not disinfected C:\_RESTORE\TEMP\A0029784.CPY[ClrSchUninstall_78_86.exe]
Adware:Adware/IST.ISTBar Not disinfected C:\_RESTORE\TEMP\A0029799.CPY
Adware:Adware/WurldMedia Not disinfected C:\_RESTORE\TEMP\A0056384.CPY
Adware:Adware/TopMoxie Not disinfected C:\_RESTORE\TEMP\A0056399.CPY
Adware:Adware/Exact.BargainBuddy Not disinfected C:\_RESTORE\TEMP\A0056412.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102559.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102560.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102561.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102562.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102563.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102564.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102565.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102566.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102567.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102568.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102569.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102570.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102571.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102572.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102573.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102574.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102575.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102576.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102577.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102578.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102579.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102580.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102581.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102582.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102583.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102584.CPY
Adware:Adware/DealHelper Not disinfected C:\_RESTORE\TEMP\A0102585.CPY