
Someone help.. Activescan log and windows registry entries [Solved]

Recently ran Panda's Activescan and all these entries are listed.. How do I get rid of them? There are many more of them but due to the limited characters allowed per post I only decided to copy and paste a few.. My hijackthis log is clean..


Incident Status Location

Adware:adware/azesearch Not disinfected Windows Registry
Adware:adware/intcodec Not disinfected Windows Registry
Adware:adware/ieloader Not disinfected Windows Registry
Potentially unwanted tool:application/kill&clean Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF69DF00-2734-477F-8257-27CD04F88779}
Adware:adware/systemdoctor Not disinfected Windows Registry
Dialer:dialer.min Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB893839-10F0-4AF9-92FA-B23528F530AF}
Adware:adware/spywaresheriff Not disinfected Windows Registry
Adware:adware/adrotator Not disinfected Windows Registry
Adware:adware/netword Not disinfected Windows Registry
Adware:adware/wetoffice Not disinfected windows Registry
Adware:adware/spywaresoftstop Not disinfected Windows Registry
Adware:adware/mmediapd Not disinfected Windows Registry
Adware:adware/click Not disinfected Windows Registry
Adware:adware/quantos Not disinfected Windows Registry
Spyware:spyware/browseraccelerator Not disinfected Windows Registry
Adware:adware/wmmafia Not disinfected Windows Registry
Adware:adware/sinabar Not disinfected Windows Registry
Adware:adware/psic Not disinfected Windows Registry
Adware:adware/ourxin Not disinfected windows Registry
Adware:adware/idonate Not disinfected Windows Registry
Adware:adware/brands Not disinfected Windows Registry
Adware:adware/eztracks Not disinfected Windows Registry
Adware:adware/roogoo Not disinfected Windows Registry
Adware:adware/targetad Not disinfected Windows Registry
Adware:adware/yazzle Not disinfected Windows Registry
Adware:adware/gator.gotsmiley Not disinfected Windows Registry
Adware:adware/spywarequake Not disinfected Windows Registry
Dialer:dialer.gun Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFB51760-344E-4FFB-BFFF-4B18C7AC1D63}
Potentially unwanted tool:application/seekmo Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
Adware:adware/trustin Not disinfected Windows Registry
Adware:adware/vog Not disinfected Windows Registry
Adware:adware/emediacodec Not disinfected Windows Registry
Adware:adware/flyswat Not disinfected Windows Registry
Adware:adware/ready2wear Not disinfected Windows Registry
Spyware:spyware/searchnet Not disinfected Windows Registry
Potentially unwanted tool:application/mediapipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
Adware:adware/shorty Not disinfected Windows Registry
Adware:adware/spyfalcon Not disinfected Windows Registry
Adware:adware/alfacleaner Not disinfected Windows Registry
Adware:adware/adwaresheriff Not disinfected Windows Registry
Adware:adware/confusearch Not disinfected Windows Registry
Potentially unwanted tool:application/malwarewipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3103509-F6EC-4592-B5F2-FD862199D778}
Adware:adware/youcouldwinthis Not disinfected Windows Registry
Potentially unwanted tool:application/errorsafe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
Adware:adware/spywarestrike Not disinfected Windows Registry
Dialer:dialer.fgw Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF25B447-C0EF-49BB-97D8-D7C3FA27DF5F}
Adware:adware/fchelp Not disinfected Windows Registry
Adware:adware/rbtoolbar Not disinfected Windows Registry
Adware:adware/dropspam Not disinfected Windows Registry
Dialer:dialer.epr Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E15D681-1D20-11D4-8B72-000021DA1956}
Adware:adware/startpage.anl Not disinfected Windows Registry
Adware:adware/crystalys Not disinfected Windows Registry
Adware:adware/adwhere Not disinfected Windows Registry
Adware:adware/winhound Not disinfected Windows Registry
Adware:adware/cws.payfortraffic Not disinfected Windows Registry
Dialer:dialer.dxp Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C881E6FC-C673-4FDD-AEF8-B36DFB10E401}
Potentially unwanted tool:application/spyaxe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
Adware:adware/enhancemsearch Not disinfected Windows Registry
Dialer:dialer.dvj Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c32ee4cb-e99f-4147-bfae-67ff3b6f8076}
Adware:adware/borlander Not disinfected Windows Registry

Comments

  • skywalker45 Bloomington, IN. USA
    edited Sep 2006
    It appears there's a lot happening there but you need to post a Hijack This log. If you don't have the program download it from here.

    Unzip the program to its own folder or to your desktop. Run the program and ask it to do a scan and save a logfile. The log will open in Notepad. Copy and paste the entire contents of the log in your next reply.
  • edited Sep 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 6:40:21 PM, on 9/13/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\TooLz\hijackthis_199\HijackThis.exe

    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Class - {676204C2-8410-D967-EEAC-EF62702555CC} - C:\WINDOWS\npvxc1.dll (file missing)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101264244\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{14145E0B-761F-42E1-B1C5-61BFB52DCC78}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  • skywalker45 Bloomington, IN. USA
    edited Sep 2006
    Are you having any symptoms of malware? Pop-ups, etc? I don't see much in your log regardless of the Active Scan results. Run Hijack This again and put a check (tick) next to the following entries:

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: Class - {676204C2-8410-D967-EEAC-EF62702555CC} - C:\WINDOWS\npvxc1.dll (file missing)

    Close all other browsers/windows and click Fix Checked. Close Hijack This. Reboot the PC and post a fresh log.
  • edited Sep 2006
    I removed the entries and rebooted but the entries keep popping up.. No other symptoms on my computer other than running a little slower.. Especially when I browse the internet.. Please help..
  • skywalker45 Bloomington, IN. USA
    edited Sep 2006
    OK. Download and install Windows Defender from my signature below. Install the program using the most common options, not the custom options. Allow the program to update itself.

    Once updated disconnect your PC from the internet, physically. Then run a full scan with Windows Defender. I can't remember if Defender generates a log file when it is done, but if it does post it here. If not, run the Panda Scan again after the Defender scan. Post back with the Panda Scan (or Defender scan) and a fresh Hijack This log.

    This should take care of any registry entries that might be spawning malware.

    When all this is complete you should also consider upgrading your Windows Installation to SP2. Please visit http://windowsupdate.microsoft.com for all available updates.
  • edited Sep 2006
    Are these my only options?
  • skywalker45 Bloomington, IN. USA
    edited Sep 2006
    Of course these aren't your only options, but with the lack of active, aggressive infection in your log I thought it would be the easiest.

    I noticed you have Ewido Security Suite installed. Is it updated and is it a current version? (Ewido Anti-Malware would be my choice for the next step)

    It would be my preference that if you don't want to install Defender or can't, then we should use Ewido to do a full system scan. It would also take care of the registry entries, etc. Let me know what you would like to do. Like I said there doesn't appear to be anything dangerous in your log, you just need a clean up.
  • edited Sep 2006
    I did run Ewido and it does not pick up those entries during or after the scan.. :rant: Let me know what I can do..

    Also the same entries show up on my hijackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 8:08:57 PM, on 9/14/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\TooLz\hijackthis_199\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {676204C2-8410-D967-EEAC-EF62702555CC} - C:\WINDOWS\npvxc1.dll (file missing)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101264244\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158200905484
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{14145E0B-761F-42E1-B1C5-61BFB52DCC78}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  • skywalker45 Bloomington, IN. USA
    edited Sep 2006
    You have a rootkit. Rootkits are hard to remove and the only way to be sure it is fully removed is by reformatting. Let me know what you would like to do.

    Skywalker
  • edited Sep 2006
    You have a rootkit. Rootkits are hard to remove and the only way to be sure it is fully removed is by reformatting. Let me know what you would like to do.

    Skywalker

    I have spoken to a friend and he recommends that I should do the same.. All of my attempts in cleaning my computer have been unsuccessful. I would like to know how to reformat my computer and start fresh. Thanks again, for your efforts.
  • skywalker45 Bloomington, IN. USA
    edited Sep 2006
    No problem...just back up your personal files and then insert your Windows CD and make sure the PC is set up to boot from the CD-ROM. After that just follow the instructions. I'll close this thread now. If you need help with the reformat post in the following forum:

    http://www.short-media.com/forum/forumdisplay.php?f=8
This discussion has been closed.
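
The thread turns on two HijackThis logs taken before and after a "Fix Checked" and reboot. As an added example (not part of the original thread), this Python sketch compares two such logs and reports entries that survive the fix while still pointing at a missing file. The function names `parse` and `triage` are hypothetical, and the sample logs are shortened excerpts of the ones posted above.

```python
import re

# Excerpts from the two HijackThis 1.99.1 logs posted in the thread (shortened).
LOG_BEFORE = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Class - {676204C2-8410-D967-EEAC-EF62702555CC} - C:\WINDOWS\npvxc1.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"""
LOG_AFTER = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {676204C2-8410-D967-EEAC-EF62702555CC} - C:\WINDOWS\npvxc1.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\(file missing\)|\(no file\)|is missing$", re.I)

def parse(log):
    """Map (section, identity) -> entry text for each 'Xn - ...' line."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, blank line or running-process path
        section, body = m.groups()
        clsid = CLSID.search(body)
        # Prefer the CLSID as identity: it names the registry key itself.
        identity = clsid.group(0).upper() if clsid else body
        entries[(section, identity)] = body
    return entries

def triage(before, after):
    """Compare two scans taken around a 'Fix Checked' and reboot."""
    old, new = parse(before), parse(after)
    both, fresh = old.keys() & new.keys(), new.keys() - old.keys()
    return {
        "persisting_orphans": sorted(k for k in both if ORPHAN.search(new[k])),
        "new_orphans": sorted(k for k in fresh if ORPHAN.search(new[k])),
        "added": sorted(fresh),
        "removed": sorted(old.keys() - new.keys()),
    }

if __name__ == "__main__":
    for name, keys in triage(LOG_BEFORE, LOG_AFTER).items():
        for section, identity in keys:
            print(f"{name:20} {section:4} {identity}")
```

An entry listed under `persisting_orphans` is one that was still registered after the fix and reboot even though its file is absent, which is the pattern the original poster describes.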
