Status
Not open for further replies.
Hi Nic,
These are the results of my scan;

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-27 12:59:43
PROTECTIONS: 1
MALWARE: 15
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\ravi ramiah\Cookies\ravi [email protected][1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\ravi ramiah\Cookies\ravi [email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\ravi ramiah\Cookies\ravi [email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\ravi ramiah\Cookies\ravi [email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\ravi ramiah\Cookies\ravi [email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\ravi ramiah\Cookies\ravi [email protected][1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ravi ramiah\Cookies\ravi [email protected][2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\ravi ramiah\Cookies\ravi [email protected][1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\ravi ramiah\Cookies\ravi [email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\ravi ramiah\Cookies\ravi [email protected]dvertising[1].txt
00326166 Application/SudoPlanet HackTools No 0 Yes No C:\Program Files\SudoPlanet\SudoPlanet.exe
00326166 Application/SudoPlanet HackTools No 0 No No C:\WINDOWS\Temp\NSIS_install_SP.exe[SudoPlanet.exe]
01201664 Application/SudoPlanet HackTools No 0 Yes No C:\Program Files\SudoPlanet\SudoPlanet.dll
01201664 Application/SudoPlanet HackTools No 0 No No C:\WINDOWS\Temp\NSIS_install_SP.exe[SudoPlanet.dll]
02895333 Adware/NaviPromo Adware No 1 No No C:\WINDOWS\Temp\NSIS_install_SP.exe[²ÜÇ\NSUtils.dll]
02895333 Adware/NaviPromo Adware No 1 No No C:\Program Files\SudoPlanet\uninst.exe[²ÜÇ\NSUtils.dll]
02914109 Application/SudoPlanet HackTools No 0 Yes No C:\WINDOWS\Temp\NSIS_install_SP.exe
03104815 Generic Trojan Virus/Trojan No 0 No No C:\Documents and Settings\ravi ramiah\Local Settings\Temporary Internet Files\Content.IE5\A55MVY5O\egaccess4_1073_em_XP[1].cab[IaLdr32.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\WINDOWS\SYSTEM32\iwcogug.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Hi Nick in the UK (forgot your username),
This is the main.txt of the Hijack This Clone:

Deckard's System Scanner v20071014.68
Run by ravi ramiah on 2008-06-27 14:52:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 4.93 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-27 14:52:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\WINDOWS\SYSTEM32\igfxtray.exe
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\Program Files\Common Files\AOL\1186349881\ee\aolsoftware.exe
C:\WINDOWS\SYSTEM32\gsicon.exe
C:\WINDOWS\SYSTEM32\dslagent.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\WINDOWS\SYSTEM32\WLTRAY.EXE
C:\Program Files\Dell\AccessDirect\DadApp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Dell\AccessDirect\dadtray.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0g\aoltray.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mad.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\Program Files\Motive\Common\MotiveDirectory.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\AOL\1186349881\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1186349881\ee\aolsoftware.exe
C:\WINDOWS\SYSTEM32\lxcrcoms.exe
C:\Program Files\AOL 9.0g\waol.exe
C:\Program Files\AOL 9.0g\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\AOL Companion\companion.exe
C:\Documents and Settings\ravi ramiah\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla.org/start/1.0/faq/mail-news.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: 527631 helper - {54160F28-994B-48DD-8D83-1B2F6B9EB054} - C:\WINDOWS\system32\527631\527631.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186349881\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 VR Tray Icon.lnk = C:\Program Files\AOL 9.0g\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL Companion.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DF1A176-BF09-49E2-A081-2F656F17F476}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: lxcr_device - Unknown owner - C:\WINDOWS\SYSTEM32\lxcrcoms.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE


--
End of file - 11957 bytes

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 14:43:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-27 13:40:19 0 d-------- C:\ie-spyad_zo
2008-06-27 13:35:29 0 d-------- C:\Program Files\SpywareBlaster
2008-06-27 10:58:50 0 d-------- C:\Program Files\Panda Security
2008-06-26 20:22:53 0 d-------- C:\Documents and Settings\ravi ramiah\Application Data\PCF-VLC
2008-06-26 20:16:35 0 d-------- C:\Documents and Settings\ravi ramiah\Application Data\Participatory Culture Foundation
2008-06-26 20:15:33 0 d-------- C:\Program Files\Participatory Culture Foundation
2008-06-26 13:00:37 0 d-------- C:\fsaua.data
2008-06-25 20:09:04 0 d-------- C:\WINDOWS\pss
2008-06-25 16:42:04 0 d--h----- C:\$AVG8.VAULT$
2008-06-25 16:35:45 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-25 16:35:44 0 d-------- C:\Documents and Settings\ravi ramiah\Application Data\AVGTOOLBAR
2008-06-25 16:35:29 0 d-------- C:\Program Files\AVG
2008-06-25 16:35:28 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-19 12:11:14 118784 --a------ C:\WINDOWS\ShowBmp.exe <Not Verified; ; ShowBmp Application>
2008-06-19 12:11:14 65536 --a------ C:\WINDOWS\amcap533.exe <Not Verified; DSC CAMERA; Amcap5xx>
2008-06-19 12:11:13 0 d-------- C:\WINDOWS\Setup533
2008-06-14 10:53:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-14 10:52:14 0 d-------- C:\Program Files\Yahoo!
2008-06-12 10:24:29 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-12 10:24:24 0 d-------- C:\Documents and Settings\ravi ramiah\Application Data\skypePM
2008-06-07 13:53:28 0 d-------- C:\Documents and Settings\ravi ramiah\Application Data\Skype
2008-06-07 13:53:00 0 d-------- C:\Program Files\Skype
2008-06-07 13:53:00 0 d-------- C:\Program Files\Common Files\Skype
2008-06-07 13:52:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype


-- Find3M Report ---------------------------------------------------------------

2008-06-27 14:07:45 0 d-------- C:\Documents and Settings\ravi ramiah\Application Data\Viewpoint
2008-06-27 10:48:29 0 d-------- C:\Program Files\Viewpoint
2008-06-26 19:39:16 0 d-------- C:\Documents and Settings\ravi ramiah\Application Data\Adobe
2008-06-26 13:24:00 0 d-------- C:\Program Files\VirusHeat 4.4
2008-06-26 00:49:15 0 d-------- C:\Program Files\McAfee.com
2008-06-26 00:49:10 0 d-------- C:\Program Files\Common Files
2008-06-26 00:46:09 0 d-------- C:\Program Files\BrainTrainAge
2008-06-25 18:23:06 0 d-------- C:\Documents and Settings\ravi ramiah\Application Data\Mozilla
2008-06-22 18:15:32 0 d-------- C:\Program Files\AOL 9.0g
2008-06-21 18:57:39 0 d-------- C:\Program Files\lx_cats
2008-06-19 12:12:42 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-19 12:11:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 10:52:08 0 d-------- C:\Program Files\Google
2008-06-13 11:55:19 0 d-------- C:\Program Files\Common Files\AOL
2008-04-23 20:12:03 6086 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-23 08:12:28 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-23 08:12:28 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-14 19:28:11 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54160F28-994B-48DD-8D83-1B2F6B9EB054}]
C:\WINDOWS\system32\527631\527631.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
25/06/2008 16:35 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [25/06/2008 16:35 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [24/02/2006 03:24]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [07/01/2004 02:01]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [13/05/2004 20:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [14/05/2004 10:35]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [19/11/2003 18:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [24/02/2005 22:26]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [06/03/2006 09:18]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [20/08/2004 16:55]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [20/08/2004 16:51]
"HostManager"="C:\Program Files\Common Files\AOL\1186349881\ee\AOLSoftware.exe" [17/11/2006 14:21]
"GSICONEXE"="gsicon.exe" [14/05/2003 01:00 C:\WINDOWS\SYSTEM32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [25/04/2003 01:00 C:\WINDOWS\SYSTEM32\dslagent.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 02:05]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [04/03/2004 12:36]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [25/06/2008 16:35]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [07/12/2007 16:30]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [06/05/2003 09:28]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [13/02/2007 19:29]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/08/2007 23:37]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 22:22]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [06/02/2006 20:40]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [13/03/2008 14:30]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/10/2004 16:54]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [07/10/2004 20:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" []
"Performance Center"="C:\Program Files\Ascentive\Performance Center\ApcMain.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"iwcogug"="c:\windows\system32\iwcogug.exe" [25/06/2008 22:53]

C:\Documents and Settings\ravi ramiah\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 14:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 VR Tray Icon.lnk - C:\Program Files\AOL 9.0g\aoltray.exe [19/12/2007 19:04:24]
AOL Broadband Check-Up.lnk - C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe [19/12/2007 21:31:09]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [24/02/2005 22:26:16]
DESKTOP.INI [10/08/2004 14:04:12]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [24/02/2005 22:20:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"status"=present
"winlogon"=C:\heap41a\svchost.exe C:\heap41a\std.txt

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193}"= C:\WINDOWS\system32\rtmipr.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{759b9180-dedc-11db-a738-00038a000015}]
Auto\command- sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c24e4c00-fb95-11dc-992b-00038a000015}]
AutoRun\command- E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f824fbb0-cb6b-11dc-98dc-00038a000015}]
AutoRun\command- E:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-06-27 14:53:29 ------------

I'm trying to find the other file but it isn't appearing in the tool bar... the extra.txt file I mean! Cheers

Hi, I managed to find the extra.txt file... phew! Thanks again
 

Hi GeekGirl,
The main problems are the computer has slowed drastically and the following keep popping up:

fp.gad-network.com-last softwares-microsoft internet explorer
fp.pc-on-internet.com-windows security centre-microsoft internet explorer
Other adware through Microsoft internet explorer
I used to, and still sometimes do, get pop-ups from the e-group, and Crazygirls. The computer has come to a blue screen saying it had to close to prevent damage and beginning dump of physical memory or something... this happened 4 times in the past but not recently.

I had done a disc cleanup and defrag a few days back too... still very little change. That's all the additional info I can give you at the moment...
 