Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Help! Problem with BlazeFind?


  • This topic is locked This topic is locked
24 replies to this topic

#1 straycat

straycat

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 03 February 2006 - 11:32 PM

Hi, I hope someone can help me. I have removed BlazeFind many times with Spybot, Ad-Aware
and also Xclean-micro. I also have SpywareBlaster installed and am using Avast Antivirus. Every
time I reboot the wretched BlazeFind is back, so I am assuming that something is being left on
the system. The computer starts acting eratic, not just the FireFox browser I am using, but
programs begin suddenly opening all at once -- and I can't shut them down without rebooting --
especially the Startup. I tried to remove BlazeFind manually with instructions from Bazooka.
I found a few suspicious entries in the registry, but was afraid to delete anything because I'm
not sure what I'm doing.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveXCompatibility\{71ED4FBA-4024-4bbe-91DC-9704C93F453E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\ {83DE62E0-5805-11D8-9B25-00E04C60FAF2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\ {C5941EE5-6DFA-11D8-86B0-0002441A9695}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\ {FBED6A02-71FB-11D8-86B0-0002441A9695}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.c\PersistentHandler{5e941d80-bf96-11cd-b597-08002b30bfeb}

Here is my HijackThis log: Thanks in advance for any help!

--------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:59:02 PM, on 03/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Conversions Plus\MacName.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mybc.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.britannica.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 216.232.191.48
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3313.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3314.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F-C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office
2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\Conversions Plus\MacLic.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\ProgramFiles\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\ProgramFiles\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\ProgramFiles\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print -
res://C:\ProgramFiles\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

Installer Class) -

http://www.pandasoft.../as5/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner

- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program

Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program

Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program

Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd -

C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: MacFormatService - Unknown owner - C:\Program

Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)

    Advertisements

Register to Remove


#2 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 04 February 2006 - 09:37 PM

Please download hoster from the link below.

http://www.funkytoad...load/hoster.zip

Open Hoster.exe.

Then click on "Restore Original Hosts"

Close program when complete.

Step # 1

Please download and run CWShredder. Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

http://www.majorgeek...7fd6b3ff02edc90

REBOOT

Step #2

Please download and run Spybot 1.4 & AdAware SE Then follow the instructions in the link below to run.

Spybot & Adaware Tutorial

REBOOT

Step # 3

Then do a virus scan here >>> Trend Micro

Step # 4

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#3 straycat

straycat

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 06 February 2006 - 01:42 AM

Hi, thanks so much for your help. I've worked through all the steps you listed, but there was a few
problems. I was unable to get the virus scan from Trend Micro to work, no matter what I did -- it
just kept freezing and refused to load -- had to keep rebooting. Also, Ewido refused to save the
report of the scan - kept giving an error message.

So here is some info I managed to save:

209 infected objects found!

Scanned objects: 411.775

Skipped objects: 0

Infected objects: 209

cleaned infections: 210

Ignored infections: 0

Scan started at: 05/02/2006 8:56:59 PM

Elapsed time: 71 min 51 sec

Currently scanning: Scan finished

In the Ewido program files I found this log file:

RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002
RegQueryValueEx failed, Value: 00000002


----------------------------------------------

Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:28:11 PM, on 05/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Conversions Plus\MacName.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Hijack\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mybc.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.britannica.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 216.232.191.48
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\Conversions Plus\MacLic.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: MacFormatService - Unknown owner - C:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)

Edited by straycat, 06 February 2006 - 01:52 AM.


#4 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 06 February 2006 - 10:26 PM

Please do an online scan with Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post as well as a bew hijackthis log please.


#5 straycat

straycat

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 07 February 2006 - 01:25 AM

OK, this time the scan worked. Thanks! Here are the logs:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, February 06, 2006 23:08:48
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/02/2006
Kaspersky Anti-Virus database records: 175340
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 85172
Number of viruses found: 16
Number of infected objects: 55
Number of suspicious objects: 0
Duration of the scan process: 4936 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Linda Lou Brown.UNANA\Local Settings\Temp\bar.exe/data0001 Infected: not-a-virus:AdWare.Win32.IeSearchBar
C:\Documents and Settings\Linda Lou Brown.UNANA\Local Settings\Temp\bar.exe Infected: not-a-virus:AdWare.Win32.IeSearchBar
C:\Program Files\Alwil Software\Avast4\Data\chest\0000000D/data0007 Infected: Trojan-Downloader.Win32.Swizzor.l
C:\Program Files\Alwil Software\Avast4\Data\chest\0000000D Infected: Trojan-Downloader.Win32.Swizzor.l
C:\Program Files\Alwil Software\Avast4\Data\chest\0000000E/data0007 Infected: Trojan-Downloader.Win32.Swizzor.l
C:\Program Files\Alwil Software\Avast4\Data\chest\0000000E Infected: Trojan-Downloader.Win32.Swizzor.l
C:\Program Files\Alwil Software\Avast4\Data\chest\0000000F/data0007 Infected: Trojan-Downloader.Win32.Swizzor.l
C:\Program Files\Alwil Software\Avast4\Data\chest\0000000F Infected: Trojan-Downloader.Win32.Swizzor.l
C:\Program Files\Alwil Software\Avast4\Data\chest\00000010 Infected: not-a-virus:AdWare.Win32.180Solutions
C:\Program Files\Alwil Software\Avast4\Data\chest\00000011 Infected: not-a-virus:AdWare.Win32.180Solutions
C:\Program Files\Alwil Software\Avast4\Data\chest\00000012 Infected: Trojan-Downloader.Win32.Dyfuca.ac
C:\Program Files\Alwil Software\Avast4\Data\chest\00000013 Infected: Trojan-Downloader.Win32.Dyfuca.j
C:\Program Files\Alwil Software\Avast4\Data\chest\00000014 Infected: Trojan-Downloader.Win32.Dyfuca.j
C:\Program Files\Alwil Software\Avast4\Data\chest\00000015 Infected: Trojan-Downloader.Win32.Dyfuca.ac
C:\Program Files\Alwil Software\Avast4\Data\chest\00000016 Infected: Trojan-Downloader.Win32.Dyfuca.ac
C:\Program Files\Alwil Software\Avast4\Data\chest\00000017 Infected: not-a-virus:AdWare.Win32.180Solutions
C:\Program Files\Alwil Software\Avast4\Data\chest\00000018 Infected: not-a-virus:AdWare.Win32.180Solutions
C:\Program Files\Alwil Software\Avast4\Data\chest\00000019 Infected: Trojan-Downloader.Win32.Dyfuca.ac
C:\Program Files\Alwil Software\Avast4\Data\chest\0000001A Infected: Trojan-Downloader.Win32.Dyfuca.ak
C:\Program Files\Alwil Software\Avast4\Data\chest\0000001B Infected: Trojan-Downloader.Win32.Dyfuca.ac
C:\Program Files\Alwil Software\Avast4\Data\chest\0000001C Infected: Trojan-Downloader.Win32.Dyfuca.ac
C:\Program Files\Alwil Software\Avast4\Data\chest\0000001D Infected: Trojan-Downloader.Win32.Dyfuca.j
C:\Program Files\Alwil Software\Avast4\Data\chest\0000001E Infected: Trojan-Downloader.Win32.Dyfuca.j
C:\Program Files\Alwil Software\Avast4\Data\chest\0000001F Infected: Trojan-Downloader.Win32.Small.en
C:\Program Files\Alwil Software\Avast4\Data\chest\00000020 Infected: Email-Worm.Win32.Zafi.b
C:\Program Files\Alwil Software\Avast4\Data\chest\00000021 Infected: Trojan-Spy.Win32.Briss.g
C:\Program Files\Alwil Software\Avast4\Data\chest\00000023 Infected: not-a-virus:AdWare.Win32.BiSpy.a
C:\Program Files\Alwil Software\Avast4\Data\chest\00000024 Infected: Trojan-Spy.Win32.Briss.g
C:\Program Files\Alwil Software\Avast4\Data\chest\00000025 Infected: Trojan-Downloader.Win32.Small.en
C:\Program Files\Alwil Software\Avast4\Data\chest\00000026 Infected: Trojan-Clicker.Win32.Delf.r
C:\Program Files\Alwil Software\Avast4\Data\chest\00000027 Infected: Trojan-Dropper.Win32.Delf.z
C:\Program Files\Alwil Software\Avast4\Data\chest\00000028 Infected: Trojan-Dropper.Win32.Delf.z
C:\Program Files\Alwil Software\Avast4\Data\chest\0000002A Infected: Trojan-Dropper.Win32.Delf.z
C:\Program Files\Alwil Software\Avast4\Data\chest\0000002B Infected: Trojan-Clicker.Win32.Delf.r
C:\Program Files\Alwil Software\Avast4\Data\chest\0000002C Infected: Email-Worm.Win32.Zafi.b
C:\Program Files\Alwil Software\Avast4\Data\chest\0000002D Infected: Email-Worm.Win32.Zafi.b
C:\Program Files\Alwil Software\Avast4\Data\chest\0000002E Infected: Trojan-Spy.Win32.Briss.g
C:\Program Files\Alwil Software\Avast4\Data\chest\0000002F Infected: not-a-virus:Downloader.Win32.Casino
C:\Program Files\Alwil Software\Avast4\Data\chest\00000030 Infected: P2P-Worm.Win32.Tibick
C:\Program Files\Alwil Software\Avast4\Data\chest\00000031 Infected: Backdoor.Win32.Assasin.20.s
C:\Program Files\Alwil Software\Avast4\Data\chest\00000032 Infected: Backdoor.Win32.Assasin.20.s
C:\Program Files\Alwil Software\Avast4\Data\chest\00000033 Infected: Backdoor.Win32.Assasin.20.s
C:\Program Files\Alwil Software\Avast4\Data\chest\00000035 Infected: P2P-Worm.Win32.Tibick
C:\Program Files\Alwil Software\Avast4\Data\chest\00000036 Infected: P2P-Worm.Win32.Tibick
C:\Program Files\Alwil Software\Avast4\Data\chest\00000037 Infected: P2P-Worm.Win32.Tibick
C:\Program Files\Alwil Software\Avast4\Data\chest\00000038 Infected: P2P-Worm.Win32.Tibick
C:\Program Files\Alwil Software\Avast4\Data\chest\00000039 Infected: P2P-Worm.Win32.Tibick
C:\Program Files\Alwil Software\Avast4\Data\chest\0000003A Infected: P2P-Worm.Win32.Tibick
C:\Program Files\Alwil Software\Avast4\Data\chest\0000003B Infected: P2P-Worm.Win32.Tibick
C:\Program Files\Alwil Software\Avast4\Data\chest\0000003C Infected: P2P-Worm.Win32.Tibick
C:\Program Files\Alwil Software\Avast4\Data\chest\0000003D Infected: P2P-Worm.Win32.Tibick
C:\Program Files\Alwil Software\Avast4\Data\chest\0000003E Infected: P2P-Worm.Win32.Tibick
C:\Program Files\Alwil Software\Avast4\Data\chest\00000045 Infected: Email-Worm.Win32.Zafi.b
C:\Program Files\Alwil Software\Avast4\Data\chest\00000048 Infected: Trojan-Dropper.Win32.Delf.fl
C:\Program Files\Alwil Software\Avast4\Data\chest\0000004B Infected: Email-Worm.Win32.Zafi.b

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 11:17:17 PM, on 06/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Conversions Plus\MacName.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mybc.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.britannica.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 216.232.191.48
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\Conversions Plus\MacLic.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: MacFormatService - Unknown owner - C:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)

#6 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 07 February 2006 - 01:30 AM

Download CCleaner from here >>>>> http://www.majorgeek...wnload4191.html

Save it to your desktop. Open CCleaner and click on "run cleaner" at the bottom right.

Once done please reboot. How is it running after the reboot?

#7 straycat

straycat

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 07 February 2006 - 03:20 AM

So far it seems ok -- will have to see how it acts tomorrow. That cleaned off about 1gig of stuff. I suppose one should run all these programs frequently. It seems like Spybot, Ad-aware & SpywareBlaster are not enough! Perhaps the Avast antivirus is not so good & I should consider a different program.

Edited by straycat, 07 February 2006 - 03:21 AM.


#8 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 07 February 2006 - 03:28 AM

Avast is a good antivirus and did its job. It is designed for viruses not spyware and other garbage. A layerd approach is the best approach. Let me know how it is in the next day or so then we can get you finished off.

#9 straycat

straycat

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 09 February 2006 - 12:39 AM

Guess I was being optimistic. The problem with the machine is still happening, whether the browser is open or not -- start menu opens suddenly & everything goes crazy, programs opening & shutting all over the place & total loss of control to stop it. Perhaps something in Windows has become corrupted. Today's scans removed reg entries for something called SpywareNo! and a lot of Mozilla tracking cookies.

#10 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 09 February 2006 - 02:27 PM

Ok new hijackthis log please.

    Advertisements

Register to Remove


#11 straycat

straycat

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 09 February 2006 - 05:00 PM

Ok, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 2:54:50 PM, on 09/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Conversions Plus\MacName.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mybc.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.britannica.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 216.232.191.48
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\Conversions Plus\MacLic.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: MacFormatService - Unknown owner - C:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)

#12 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 09 February 2006 - 05:47 PM

Click here to run ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Paste the contents of the Panda scan report along with a new HijackThis Log in your next reply.

#13 straycat

straycat

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 10 February 2006 - 12:32 AM

Here it is. For some reason I had to uninstall Microsoft Greetings Workshop before the scan
would work. It took three attempts.


Spyware:spyware/betterinet Not disinfected
C:\WINDOWS\INF\biini.inf

Adware:adware/ncase Not disinfected
C:\WINDOWS\didduid.ini

Spyware:Cookie/Hitbox Not disinfected
C:\Documents and Settings\Linda Lou Brown.UNANA\Cookies\linda lou brown@hitbox[2].txt

Spyware:Cookie/Belnk Not disinfected
C:\Documents and Settings\Linda Lou Brown.UNANA\Application Data\Mozilla\Firefox\Profiles\e906ys2h.default\cookies.txt[.belnk.com/]

Spyware:Cookie/Apmebf Not disinfected
C:\Documents and Settings\Linda Lou Brown.UNANA\Application Data\Mozilla\Firefox\Profiles\e906ys2h.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/Toplist Not disinfected
C:\Documents and Settings\Linda Lou Brown.UNANA\Application Data\Mozilla\Firefox\Profiles\e906ys2h.default\cookies.txt[.toplist.cz/]

Potentially unwanted tool:Application/Psshutdown.A Not disinfected
C:\Documents and Settings\All Users\Documents\ebooks\Ebook - Microsoft Windows XP Inside Out.zip[shutdown.exe]

Spyware:Cookie/Belnk Not disinfected
C:\Documents and Settings\Linda Lou Brown.UNANA\Application Data\Mozilla\Firefox\Profiles\e906ys2h.default\cookies.txt[]

Spyware:Cookie/Hitbox Not disinfected
C:\Documents and Settings\Linda Lou Brown.UNANA\Cookies\linda lou brown@hitbox[2].txt

Potentially unwanted tool:Application/Psshutdown.A Not disinfected
C:\Documents and Settings\Linda Lou Brown.UNANA\My Documents\backup\My eBooks\edit\Ebook - Microsoft Windows XP Inside Out.zip[shutdown.exe]

Potentially unwanted tool:Application/Psshutdown.A Not disinfected
C:\Documents and Settings\Linda Lou Brown.UNANA\My Documents\My eBooks\edit\Ebook - Microsoft Windows XP Inside Out.zip[shutdown.exe]

Spyware:Spyware/BetterInet Not disinfected
C:\WINDOWS\inf\biini.inf


Logfile of HijackThis v1.99.1
Scan saved at 10:07:33 PM, on 09/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Conversions Plus\MacName.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mybc.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.britannica.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 216.232.191.48
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\Conversions Plus\MacLic.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: MacFormatService - Unknown owner - C:\Program Files\Conversions Plus\FORMATM.EXE" /SERVICE (file missing)

#14 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 10 February 2006 - 07:49 PM

Download TheKillbox from here http://www.downloads...org/KillBox.zip Save to your Desktop and double click it to open it up. In the 'Enter Full Path and Filename to Delete' box, copy and paste these entries one by one, clicking 'Find and Kill This File' after each one:

C:\WINDOWS\INF\biini.inf

C:\WINDOWS\didduid.ini

Download CCleaner from here >>>>> http://www.majorgeek...wnload4191.html

Save it to your desktop. Open CCleaner and click on "run cleaner" at the bottom right.

Download ATF Cleaner:
http://www.atribune....tent/view/19/2/
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

When done a prompt appears informing of such.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

Then reboot and a new log please.

#15 straycat

straycat

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 10 February 2006 - 11:45 PM

Ok, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 9:34:30 PM, on 10/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Conversions Plus\MacName.exe
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mybc.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.britannica.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =

216.232.191.48
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office

2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L

ElbyCDFL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\Conversions Plus\MacLic.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: MacName.lnk = C:\Program Files\Conversions Plus\MacName.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program

Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -

http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoft...free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil

Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido

anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido

anti-malware\ewidoguard.exe
O23 - Service: MacFormatService - Unknown owner - C:\Program Files\Conversions Plus\FORMATM.EXE"

/SERVICE (file missing)

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users