
·
Registered
Joined
·
46 Posts
Discussion Starter #1
I don't know if this is the right spot to post this but I had to...

I'm having trouble with my computer in the sense that I can't go on hotmail, msn it tells "page not found"

"ares" won't let me download nor search for songs...my internet is connected but it won't work?

Anyone please help
 

·
Registered
Joined
·
46 Posts
Discussion Starter #3
Here's my log

Logfile of HijackThis v1.99.1
Scan saved at 3:24:54 PM, on 10/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton Personal Firewall\NISUM.EXE
D:\WINDOWS\System32\alg.exe
D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\WINDOWS\System32\lexpps.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Ares Lite Edition\Ares.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\me\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcmaster.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcmaster.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - D:\WINDOWS\System32\cxdnb.dll (file missing)
O2 - BHO: Mega! - {8BC6346B-FFB0-4435-ACE3-FACA6CD77816} - D:\DOCUME~1\me\LOCALS~1\Temp\MegaHost.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - D:\WINDOWS\System32\cxdnb.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares Lite Edition\Ares.exe" -h
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .m4a: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mp3: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15a2e8d1b2e360cd2b21/netzip/RdxIE601.cab
O16 - DPF: {564EC66E-5A1B-51D3-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01.chm::/MegaInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F02930-1D11-4BAA-849A-F11E077F2ECA}: NameServer = 85.255.113.132,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AAA0102-029B-447F-8E4D-291E00B8717F}: NameServer = 85.255.113.132,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F02930-1D11-4BAA-849A-F11E077F2ECA}: NameServer = 85.255.113.132,85.255.112.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{04F02930-1D11-4BAA-849A-F11E077F2ECA}: NameServer = 85.255.113.132,85.255.112.21
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft hyper card manager (Mhcm) - Unknown owner - D:\WINDOWS\mshytcsx32.exe (file missing)
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Before we can proceed any further, please visit Microsoft's Windows Update Page and install ALL Critical Updates for your system (except Service Pack 2 (SP2); SP2 should only be installed on a fully disinfected system). At the minimum install at least SP1a for both XP and IE6.

Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately it’s also this forum's policy that we only address users with a legal copy of Windows XP.... therefore if you cannot update XP to SP1 we must stop the cleansing process here.

Thank you for your cooperation.
 

·
Registered
Joined
·
46 Posts
Discussion Starter #7
I downloaded it then ran it then it told me that my msn should work so then I restarted my computer then tried to go on msn but didn't work? WHY :(
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Please print out these instructions for reference as you will have to restart your computer during the fix. An internet connection is required as the installer will need to download other files during the fix.

Please download & Install - FixWareout.exe

When you reach the final page of the installation process, make sure "Run fixit" is checked.
Follow the on-screen prompts & reboot your computer when instructed to do so.

**Do not be alarmed if your computer takes longer than usual to load.

After you have restarted, wait for HijackThis to launch automatically.
Please click Scan, and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?ap...ODQ6NTo5&Terms=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?ap...ODQ6NTo5&Terms=
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - D:\WINDOWS\System32\cxdnb.dll (file missing)
O2 - BHO: Mega! - {8BC6346B-FFB0-4435-ACE3-FACA6CD77816} - D:\DOCUME~1\me\LOCALS~1\Temp\MegaHost.dll (file missing)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - D:\WINDOWS\System32\cxdnb.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/15a2e8d...ip/RdxIE601.cab
O16 - DPF: {564EC66E-5A1B-51D3-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01....gaInstaller.exe
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/am....1.11_en_dl.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F02930-1D11-4BAA-849A-F11E077F2ECA}: NameServer = 85.255.113.132,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AAA0102-029B-447F-8E4D-291E00B8717F}: NameServer = 85.255.113.132,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F02930-1D11-4BAA-849A-F11E077F2ECA}: NameServer = 85.255.113.132,85.255.112.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{04F02930-1D11-4BAA-849A-F11E077F2ECA}: NameServer = 85.255.113.132,85.255.112.21


Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:fixwareoutreport.txt, along with a new HijackThis log.
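
The checks behind the fix list above can be expressed as a small triage script. This is an added example, not part of the original post and not a HijackThis feature: the rule set, the function names and the `EXPECTED_DNS` allow-list value are assumptions, and the sample lines are a subset copied from the two HijackThis logs in this thread.

```python
import re

# Constructed sample: entry lines copied from the first (before) HijackThis log.
LOG_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - D:\WINDOWS\System32\cxdnb.dll (file missing)
O16 - DPF: {564EC66E-5A1B-51D3-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext01.chm::/MegaInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F02930-1D11-4BAA-849A-F11E077F2ECA}: NameServer = 85.255.113.132,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F02930-1D11-4BAA-849A-F11E077F2ECA}: NameServer = 85.255.113.132,85.255.112.21
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Microsoft hyper card manager (Mhcm) - Unknown owner - D:\WINDOWS\mshytcsx32.exe (file missing)
"""

# Constructed sample: entry lines copied from the second (after) HijackThis log.
LOG_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Microsoft hyper card manager (Mhcm) - Unknown owner - D:\WINDOWS\mshytcsx32.exe (file missing)
"""

# Assumption: the resolver this machine is supposed to use (placeholder value).
EXPECTED_DNS = {"192.168.1.1"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # "O17 - <body>"
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")    # URL scheme prefix
IP_HOST_RE = re.compile(r"://(\d{1,3}(?:\.\d{1,3}){3})(?=[/:]|$)")


def parse_entries(log_text):
    """Return (section, body) for each entry line; headers and the
    'Running processes' paths do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def dpf_reason(codebase):
    """Explain why an O16 (Downloaded Program Files) codebase looks odd, or None."""
    scheme = SCHEME_RE.match(codebase)
    if not scheme or scheme.group(1).lower() not in ("http", "https"):
        return "codebase is not a plain http(s) URL"
    ip = IP_HOST_RE.search(codebase)
    if ip:
        return "codebase host is an IP literal (" + ip.group(1) + ")"
    return None


def review(log_text, expected_dns=EXPECTED_DNS):
    """Return (section, reason, body) for every entry worth a second look."""
    findings = []
    for section, body in parse_entries(log_text):
        reason = None
        if section == "O17" and "NameServer = " in body:
            # Static per-interface DNS servers: compare against the allow-list.
            servers = [s.strip() for s in body.split("NameServer = ", 1)[1].split(",")]
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                reason = "unexpected DNS server(s): " + ", ".join(unexpected)
        elif section == "O16":
            reason = dpf_reason(body.rsplit(" - ", 1)[-1])
        elif body.endswith("(file missing)"):
            # Registration survives although the file it points to is gone.
            reason = "registered component points to a missing file"
        if reason:
            findings.append((section, reason, body))
    return findings


def still_flagged(before_text, after_text):
    """Entries flagged in the first log that are still present in the second."""
    after_bodies = {body for _, _, body in review(after_text)}
    return [f for f in review(before_text) if f[2] in after_bodies]


if __name__ == "__main__":
    for section, reason, body in review(LOG_BEFORE):
        print(section, "|", reason, "|", body[:60])
    print("still present after the fix:")
    for section, reason, body in still_flagged(LOG_BEFORE, LOG_AFTER):
        print(section, "|", reason, "|", body[:60])
```

A flagged entry is a prompt for review, not a verdict; an allow-list that matches the network's real resolvers is what makes the O17 rule meaningful.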
 

·
Registered
Joined
·
46 Posts
Discussion Starter #9
OK, I did what you said, here are my logs:

logfile c:fixwareoutreport.txt:

Check for missing files
.....
D:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
VXD Check
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
"VDD"=hex(7):44,3a,5c,50,52,4f,47,52,41,7e,31,5c,53,79,6d,61,6e,74,65,63,5c,53,\
33,32,45,56,4e,54,31,2e,44,4c,4c,00,00
.....
End vxd check
.....


hijackthis log file:

Logfile of HijackThis v1.99.1
Scan saved at 2:30:10 PM, on 10/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton Personal Firewall\NISUM.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Ares Lite Edition\Ares.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\me\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcmaster.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcmaster.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares Lite Edition\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .m4a: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mp3: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft hyper card manager (Mhcm) - Unknown owner - D:\WINDOWS\mshytcsx32.exe (file missing)
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.
 

·
Registered
Joined
·
46 Posts
Discussion Starter #11
ok here is my active scan log:

Incident Status Location

Virus:Trj/Agent.AMR Disinfected Operating system
Adware:adware/cws No disinfected D:\DOCUMENTS AND SETTINGS\ALL USERS\FAVORITES\AdultGambling.url
Spyware:spyware/wareout No disinfected D:\Documents and Settings\me\Application Data\wo.tmp
Adware:adware/sbsoft No disinfected D:\WINDOWS\rdt.ini
Adware:adware/twain-tech No disinfected D:\WINDOWS\satmat.ini
Adware:adware/blazefind No disinfected Windows Registry
Dialer:dialer.bqw No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\CONC
Adware:adware/p2pnetworking No disinfected Windows Registry
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{35E71A15-FED3-4C86-B995-8630FC9E7E20}\RP31\A0015002.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{35E71A15-FED3-4C86-B995-8630FC9E7E20}\RP31\A0015003.cpl
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{35E71A15-FED3-4C86-B995-8630FC9E7E20}\RP31\A0015004.exe
Hacktool:HackTool/ExitWin.A No disinfected C:\System Volume Information\_restore{35E71A15-FED3-4C86-B995-8630FC9E7E20}\RP32\A0029295.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking v1252.cpl
Security Risk:Application/RestartNo disinfected C:\WINDOWS\system32\Tools\Restart.exe
Spyware:Spyware/WareOut No disinfected D:\Program Files\WareOut\uninstall.exe
Spyware:Spyware/WareOut No disinfected D:\Program Files\WareOut\WareOutUpdate.exe
Adware:Adware/Transponder No disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP1\A0000003.exe
Virus:Trj/Qhost.BP Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP1\A0000004.exe
Adware:Adware/Megatds No disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP1\A0000006.exe
Virus:Trj/Demetib.A Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP1\A0000010.exe
Adware:Adware/Megatds No disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP1\A0000376.exe
Virus:Trj/Demetib.A Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP1\A0000380.exe
Adware:Adware/Megatds No disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP2\A0000419.exe
Virus:Trj/Demetib.A Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP3\A0000460.exe
Adware:Adware/Megatds No disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP4\A0000513.exe
Virus:Trj/Demetib.A Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP4\A0000517.exe
Adware:Adware/Megatds No disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP4\A0000523.exe
Virus:Trj/Demetib.A Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP4\A0000527.exe
Adware:Adware/Megatds No disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP4\A0000538.exe
Virus:Trj/Demetib.A Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP4\A0000542.exe
Adware:Adware/Megatds No disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP4\A0000544.exe
Virus:Trj/Demetib.A Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP4\A0000548.exe
Adware:Adware/Megatds No disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP5\A0000578.exe
Virus:Trj/Demetib.A Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP5\A0000581.exe
Adware:Adware/Megatds No disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP5\A0000654.exe
Virus:Trj/Demetib.A Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP5\A0000658.exe
Adware:Adware/Megatds No disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP5\A0000668.exe
Virus:Trj/Demetib.A Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP5\A0000672.exe
Virus:Trj/Agent.AMR Disinfected D:\System Volume Information\_restore{B4B42C9C-5211-4030-8EB7-FB4A020F9CAD}\RP5\A0000705.exe
Spyware:Spyware/BetterInet No disinfected D:\WINDOWS\inf\satmat.inf
Adware:Adware/IPInsight No disinfected D:\WINDOWS\satmat.ini
Virus:W32/Sdbot.ftp Disinfected D:\WINDOWS\system32\i
Adware:Adware/Aurora No disinfected D:\WINDOWS\system32\mqlxki.exe
Security Risk:Application/RestartNo disinfected D:\WINDOWS\system32\Tools\Restart.exe


Here is the antispyware log

Started Scanning
Internet Cookies
Found '2o7.net' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'centrport.net' in 'Internet Explorer Cache'
Found 'fastclick.net' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'imrworldwide.com' in 'Internet Explorer Cache'
Found 'atwola.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Classes\JCDE_Stack.1'
Found '' in 'SOFTWARE\Classes\SigningModule.SigningModule'
Found '' in 'SOFTWARE\Classes\SigningModule.SigningModule.1'
Found '' in 'SOFTWARE\Classes\SigningModule.SigningModule.1\CLSID'
Found '' in 'SOFTWARE\Classes\SigningModule.SigningModule\CLSID'
Found '' in 'SOFTWARE\Classes\SigningModule.SigningModule\CurVer'
Found '' in 'SOFTWARE\Classes\JCDE_Stack.1\CLSID'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'SOFTWARE\180solutions\msbb'
Found '' in 'SOFTWARE\Classes\ToolBand.ToolBandObj'
Found '' in 'SOFTWARE\Classes\ToolBand.ToolBandObj.1'
Found '' in 'SOFTWARE\Classes\ToolBand.ToolBandObj.1\CLSID'
Found '' in 'SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID'
Found '' in 'SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer'
Found 'did' in 'SOFTWARE\180solutions\msbb'
Found 'duid' in 'SOFTWARE\180solutions\msbb'
Found 'partner_id' in 'SOFTWARE\180solutions\msbb'
Found 'product_id' in 'SOFTWARE\180solutions\msbb'
Found 'smt' in 'SOFTWARE\180solutions\msbb'
Found 'Location' in 'SOFTWARE\Magnet'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found 'DdeApplication' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'DdeTopic' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'Description' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'kt' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'ShellExecute' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'http' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found 'urn:kzhash' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found 'urn:topsearch' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\InprocServer32'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\MiscStatus'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\MiscStatus\1'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\ToolboxBitmap32'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\Version'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0\HELPDIR'
Found '' in 'eeennn'
Found '' in 'SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE}'
Found '' in 'SOFTWARE\Classes\Interface\{AD5BC1F0-72D8-44B3-8E3D-8E8FECCE43FB}'
Found '' in 'SOFTWARE\Classes\Interface\{E813099D-5529-47F4-9B37-4AFAFCB00A43}'
Found '' in 'SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A}'
Found '' in 'SOFTWARE\MyWay'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}'
Found '' in 'SOFTWARE\Classes\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}'
Found 'conc' in 'Software\Microsoft\Internet Explorer\Main'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0'
Found '' in 'SOFTWARE\Classes\AppID\LoaderX.EXE'
Found '' in 'SOFTWARE\Classes\AppID\{735C5A0C-F79F-47A1-8CA1-2A2E482662A8}'
Found '' in 'SOFTWARE\MySearch\bar'
Found 'CacheDir' in 'SOFTWARE\MySearch\bar'
Found 'HistoryDir' in 'SOFTWARE\MySearch\bar'
Found 'Id' in 'SOFTWARE\MySearch\bar'
Found 'AppID' in 'SOFTWARE\Classes\AppID\LoaderX.EXE'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Found '' in 'AppID\{735C5A0C-F79F-47A1-8CA1-2A2E482662A8}'
Found '' in 'AppID\LoaderX.EXE'
Found '' in 'TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}'
Found '' in 'Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Program Files\Altnet'
Found 'GatorPdpSetup.log' in 'C:\WINDOWS'
Found 'P2P Networking v1252.cpl' in 'C:\WINDOWS\system32'
Found '' in 'D:\Program Files\MySearch'
Found '' in 'D:\Program Files\MyWay'
Found 'asseenontv.png' in 'D:\WINDOWS\system32'
Found 'creditcard.ico' in 'D:\WINDOWS\system32'
Found 'findanewlover.png' in 'D:\WINDOWS\system32'
Found 'findanewlover1.png' in 'D:\WINDOWS\system32'
Found 'poker1.png' in 'D:\WINDOWS\system32'
Found 'usaplat.ico' in 'D:\WINDOWS\system32'
Found 'windows casino.ico' in 'D:\WINDOWS\system32'
Finished Scanning
Started Scanning
Internet Cookies
Found '2o7.net' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'centrport.net' in 'Internet Explorer Cache'
Found 'fastclick.net' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'imrworldwide.com' in 'Internet Explorer Cache'
Found 'atwola.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Classes\JCDE_Stack.1'
Found '' in 'SOFTWARE\Classes\SigningModule.SigningModule'
Found '' in 'SOFTWARE\Classes\SigningModule.SigningModule.1'
Found '' in 'SOFTWARE\Classes\SigningModule.SigningModule.1\CLSID'
Found '' in 'SOFTWARE\Classes\SigningModule.SigningModule\CLSID'
Found '' in 'SOFTWARE\Classes\SigningModule.SigningModule\CurVer'
Found '' in 'SOFTWARE\Classes\JCDE_Stack.1\CLSID'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'SOFTWARE\180solutions\msbb'
Found '' in 'SOFTWARE\Classes\ToolBand.ToolBandObj'
Found '' in 'SOFTWARE\Classes\ToolBand.ToolBandObj.1'
Found '' in 'SOFTWARE\Classes\ToolBand.ToolBandObj.1\CLSID'
Found '' in 'SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID'
Found '' in 'SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer'
Found 'did' in 'SOFTWARE\180solutions\msbb'
Found 'duid' in 'SOFTWARE\180solutions\msbb'
Found 'partner_id' in 'SOFTWARE\180solutions\msbb'
Found 'product_id' in 'SOFTWARE\180solutions\msbb'
Found 'smt' in 'SOFTWARE\180solutions\msbb'
Found 'Location' in 'SOFTWARE\Magnet'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found 'DdeApplication' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'DdeTopic' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'Description' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'kt' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'ShellExecute' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found 'http' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found 'urn:kzhash' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found 'urn:topsearch' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\InprocServer32'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\MiscStatus'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\MiscStatus\1'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\ToolboxBitmap32'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\Version'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0\HELPDIR'
Found '' in 'eeennn'
Found '' in 'SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE}'
Found '' in 'SOFTWARE\Classes\Interface\{AD5BC1F0-72D8-44B3-8E3D-8E8FECCE43FB}'
Found '' in 'SOFTWARE\Classes\Interface\{E813099D-5529-47F4-9B37-4AFAFCB00A43}'
Found '' in 'SOFTWARE\Classes\Interface\{D273D427-57C6-4B12-860F-BBB8195F6E2A}'
Found '' in 'SOFTWARE\MyWay'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}'
Found '' in 'SOFTWARE\Classes\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}'
Found 'conc' in 'Software\Microsoft\Internet Explorer\Main'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0'
Found '' in 'SOFTWARE\Classes\AppID\LoaderX.EXE'
Found '' in 'SOFTWARE\Classes\AppID\{735C5A0C-F79F-47A1-8CA1-2A2E482662A8}'
Found '' in 'SOFTWARE\MySearch\bar'
Found 'CacheDir' in 'SOFTWARE\MySearch\bar'
Found 'HistoryDir' in 'SOFTWARE\MySearch\bar'
Found 'Id' in 'SOFTWARE\MySearch\bar'
Found 'AppID' in 'SOFTWARE\Classes\AppID\LoaderX.EXE'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Found '' in 'AppID\{735C5A0C-F79F-47A1-8CA1-2A2E482662A8}'
Found '' in 'AppID\LoaderX.EXE'
Found '' in 'TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}'
Found '' in 'Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Program Files\Altnet'
Found 'GatorPdpSetup.log' in 'C:\WINDOWS'
Found 'P2P Networking v1252.cpl' in 'C:\WINDOWS\system32'
Found '' in 'D:\Program Files\MySearch'
Found '' in 'D:\Program Files\MyWay'
Found 'asseenontv.png' in 'D:\WINDOWS\system32'
Found 'creditcard.ico' in 'D:\WINDOWS\system32'
Found 'findanewlover.png' in 'D:\WINDOWS\system32'
Found 'findanewlover1.png' in 'D:\WINDOWS\system32'
Found 'poker1.png' in 'D:\WINDOWS\system32'
Found 'usaplat.ico' in 'D:\WINDOWS\system32'
Found 'windows casino.ico' in 'D:\WINDOWS\system32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Program Files\Altnet' in shortcut areas.
Checking for 'C:\Program Files\Altnet' in startup areas.
Cleaning 'C:\Program Files\Altnet'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.ivd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.ivd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.ivd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.rvd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.rvd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.rvd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.xmd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.xmd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.xmd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ceva_dll.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ceva_dll.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ceva_dll.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ceva_dll.cvd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ceva_dll.cvd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ceva_dll.cvd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ceva_vfs.cvd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ceva_vfs.cvd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ceva_vfs.cvd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.xmd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.xmd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.xmd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.xmd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.xmd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.xmd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx.xmd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx.xmd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx.xmd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.ivd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.ivd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.ivd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_x95.cvd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_x95.cvd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_x95.cvd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\na.cvd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\na.cvd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\na.cvd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\na.xmd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\na.xmd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\na.xmd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\nelf.cvd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\nelf.cvd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\nelf.cvd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\rup.xmd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\rup.xmd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\rup.xmd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\sdx.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\sdx.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\sdx.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\sdx.ivd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\sdx.ivd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\sdx.ivd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\tar.xmd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\tar.xmd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\tar.xmd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\unpack.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\unpack.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\unpack.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\unpack.ivd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\unpack.ivd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\unpack.ivd.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\update.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\update.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\update.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cab'
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\zip.xmd.cab' in shortcut areas.
Checking for 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\zip.xmd.cab' in startup areas.
Cleaning 'C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\zip.xmd.cab'
Checking for 'C:\WINDOWS\GatorPdpSetup.log' in shortcut areas.
Checking for 'C:\WINDOWS\GatorPdpSetup.log' in startup areas.
Cleaning 'C:\WINDOWS\GatorPdpSetup.log'
Checking for 'C:\WINDOWS\system32\P2P Networking v1252.cpl' in shortcut areas.
Checking for 'C:\WINDOWS\system32\P2P Networking v1252.cpl' in startup areas.
Cleaning 'C:\WINDOWS\system32\P2P Networking v1252.cpl'
Checking for 'D:\Program Files\MySearch' in shortcut areas.
Checking for 'D:\Program Files\MySearch' in startup areas.
Cleaning 'D:\Program Files\MySearch'
Checking for 'D:\Program Files\MyWay' in shortcut areas.
Checking for 'D:\Program Files\MyWay' in startup areas.
Cleaning 'D:\Program Files\MyWay'
Checking for 'D:\WINDOWS\system32\asseenontv.png' in shortcut areas.
Checking for 'D:\WINDOWS\system32\asseenontv.png' in startup areas.
Cleaning 'D:\WINDOWS\system32\asseenontv.png'
Checking for 'D:\WINDOWS\system32\creditcard.ico' in shortcut areas.
Checking for 'D:\WINDOWS\system32\creditcard.ico' in startup areas.
Cleaning 'D:\WINDOWS\system32\creditcard.ico'
Checking for 'D:\WINDOWS\system32\findanewlover.png' in shortcut areas.
Checking for 'D:\WINDOWS\system32\findanewlover.png' in startup areas.
Cleaning 'D:\WINDOWS\system32\findanewlover.png'
Checking for 'D:\WINDOWS\system32\findanewlover1.png' in shortcut areas.
Checking for 'D:\WINDOWS\system32\findanewlover1.png' in startup areas.
Cleaning 'D:\WINDOWS\system32\findanewlover1.png'
Checking for 'D:\WINDOWS\system32\poker1.png' in shortcut areas.
Checking for 'D:\WINDOWS\system32\poker1.png' in startup areas.
Cleaning 'D:\WINDOWS\system32\poker1.png'
Checking for 'D:\WINDOWS\system32\usaplat.ico' in shortcut areas.
Checking for 'D:\WINDOWS\system32\usaplat.ico' in startup areas.
Cleaning 'D:\WINDOWS\system32\usaplat.ico'
Checking for 'D:\WINDOWS\system32\windows casino.ico' in shortcut areas.
Checking for 'D:\WINDOWS\system32\windows casino.ico' in startup areas.
Cleaning 'D:\WINDOWS\system32\windows casino.ico'
Finished Cleaning


Now for the other one, I did what you said: scanned it, then cleaned the threats, then rebooted. It did the same, but it DIDN'T give me or say "save log" or anything like that.
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Delete these files:

D:\DOCUMENTS AND SETTINGS\ALL USERS\FAVORITES\AdultGambling.url
D:\Documents and Settings\me\Application Data\wo.tmp
D:\WINDOWS\rdt.ini
D:\WINDOWS\satmat.ini
C:\WINDOWS\system32\P2P Networking v1252.cpl
D:\WINDOWS\inf\satmat.inf
D:\WINDOWS\system32\mqlxki.exe


You should be able to update Windows now. Please update to at least SP1a before posting a new log.
 

·
Registered
Joined
·
46 Posts
Discussion Starter #13
C:\WINDOWS\system32\P2P Networking v1252.cpl


Could not find this file to delete it, and then I tried to go on Microsoft to update and it didn't work?....it told me page not found
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Start HijackThis & go to Config>Misc Tools - select 'Open Host file manager'
Click Open in Notepad
Then copy/paste the entire contents in your next post.



After you have done that, Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot...
  1. In the popup box that appears, type in C:\WINDOWS\system32\P2P Networking v1252.cpl
  2. Click the Open button.
  3. Click YES when prompted to restart your computer.
 

·
Registered
Joined
·
46 Posts
Discussion Starter #15
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
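
The hosts file posted above contains only the stock localhost mapping, so no name is being overridden there. As an added example (not part of the thread and not HijackThis code), this Python audit flags hosts entries that override watched domains; the watched suffix list and the tampered sample are assumptions constructed for illustration.

```python
import ipaddress

# Suffixes to watch: sites named in the thread plus Windows Update (assumed list).
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "hotmail.com", "msn.com")
# Mappings a stock hosts file may legitimately contain.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Hosts file as posted in the thread (comment header abbreviated).
CLEAN_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
"""

# Constructed sample of a tampered file; not taken from the thread.
TAMPERED_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 windowsupdate.microsoft.com
203.0.113.7 www.hotmail.com   # documentation-range address
127.0.0.1 ads.example.net
not-an-ip update.microsoft.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; ip is None for malformed lines."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing and full-line comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            names = []                        # first column is not an IP address
        if not names:
            yield line_no, None, raw.strip()  # report the malformed line as written
            continue
        for name in names:
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, kind, detail) for every entry that is not a stock mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", name))
        elif (ip, name) in DEFAULT_ENTRIES:
            continue
        elif any(name == s or name.endswith("." + s) for s in watched):
            findings.append((line_no, "override-watched", f"{name} -> {ip}"))
        else:
            findings.append((line_no, "non-default", f"{name} -> {ip}"))
    return findings


if __name__ == "__main__":
    for label, sample in (("posted", CLEAN_HOSTS), ("tampered", TAMPERED_HOSTS)):
        print(label, audit_hosts(sample) or "no overrides")
```
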
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Download DelO15Domains.inf - Right click on this & choose "Save As..." DelO15Domains.inf

Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

Reboot & try Windows Update again
 