Someone help.. Activescan log and windows regisrty entries [Solved]
Recently ran Panda's Activescan and all these entries are listed.. How do I get rid of them? There are many more of them but due to the limited characters allowed per post I only decided to copy and paste a few.. My hijackthis log is clean..
Incident Status Location
Adware:adware/azesearch Not disinfected Windows Registry
Adware:adware/intcodec Not disinfected Windows Registry
Adware:adware/ieloader Not disinfected Windows Registry
Potentially unwanted tool:application/kill&clean Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF69DF00-2734-477F-8257-27CD04F88779}
Adware:adware/systemdoctor Not disinfected Windows Registry
Dialer:dialer.min Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB893839-10F0-4AF9-92FA-B23528F530AF}
Adware:adware/spywaresheriff Not disinfected Windows Registry
Adware:adware/adrotator Not disinfected Windows Registry
Adware:adware/netword Not disinfected Windows Registry
Adware:adware/wetoffice Not disinfected windows Registry
Adware:adware/spywaresoftstop Not disinfected Windows Registry
Adware:adware/mmediapd Not disinfected Windows Registry
Adware:adware/click Not disinfected Windows Registry
Adware:adware/quantos Not disinfected Windows Registry
Spyware:spyware/browseraccelerator Not disinfected Windows Registry
Adware:adware/wmmafia Not disinfected Windows Registry
Adware:adware/sinabar Not disinfected Windows Registry
Adware:adware/psic Not disinfected Windows Registry
Adware:adware/ourxin Not disinfected windows Registry
Adware:adware/idonate Not disinfected Windows Registry
Adware:adware/brands Not disinfected Windows Registry
Adware:adware/eztracks Not disinfected Windows Registry
Adware:adware/roogoo Not disinfected Windows Registry
Adware:adware/targetad Not disinfected Windows Registry
Adware:adware/yazzle Not disinfected Windows Registry
Adware:adware/gator.gotsmiley Not disinfected Windows Registry
Adware:adware/spywarequake Not disinfected Windows Registry
Dialer:dialer.gun Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFB51760-344E-4FFB-BFFF-4B18C7AC1D63}
Potentially unwanted tool:application/seekmo Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
Adware:adware/trustin Not disinfected Windows Registry
Adware:adware/vog Not disinfected Windows Registry
Adware:adware/emediacodec Not disinfected Windows Registry
Adware:adware/flyswat Not disinfected Windows Registry
Adware:adware/ready2wear Not disinfected Windows Registry
Spyware:spyware/searchnet Not disinfected Windows Registry
Potentially unwanted tool:application/mediapipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
Adware:adware/shorty Not disinfected Windows Registry
Adware:adware/spyfalcon Not disinfected Windows Registry
Adware:adware/alfacleaner Not disinfected Windows Registry
Adware:adware/adwaresheriff Not disinfected Windows Registry
Adware:adware/confusearch Not disinfected Windows Registry
Potentially unwanted tool:application/malwarewipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3103509-F6EC-4592-B5F2-FD862199D778}
Adware:adware/youcouldwinthis Not disinfected Windows Registry
Potentially unwanted tool:application/errorsafe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
Adware:adware/spywarestrike Not disinfected Windows Registry
Dialer:dialer.fgw Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF25B447-C0EF-49BB-97D8-D7C3FA27DF5F}
Adware:adware/fchelp Not disinfected Windows Registry
Adware:adware/rbtoolbar Not disinfected Windows Registry
Adware:adware/dropspam Not disinfected Windows Registry
Dialer:dialer.epr Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E15D681-1D20-11D4-8B72-000021DA1956}
Adware:adware/startpage.anl Not disinfected Windows Registry
Adware:adware/crystalys Not disinfected Windows Registry
Adware:adware/adwhere Not disinfected Windows Registry
Adware:adware/winhound Not disinfected Windows Registry
Adware:adware/cws.payfortraffic Not disinfected Windows Registry
Dialer:dialer.dxp Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C881E6FC-C673-4FDD-AEF8-B36DFB10E401}
Potentially unwanted tool:application/spyaxe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
Adware:adware/enhancemsearch Not disinfected Windows Registry
Dialer:dialer.dvj Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c32ee4cb-e99f-4147-bfae-67ff3b6f8076}
Adware:adware/borlander Not disinfected Windows Registry
Incident Status Location
Adware:adware/azesearch Not disinfected Windows Registry
Adware:adware/intcodec Not disinfected Windows Registry
Adware:adware/ieloader Not disinfected Windows Registry
Potentially unwanted tool:application/kill&clean Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF69DF00-2734-477F-8257-27CD04F88779}
Adware:adware/systemdoctor Not disinfected Windows Registry
Dialer:dialer.min Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB893839-10F0-4AF9-92FA-B23528F530AF}
Adware:adware/spywaresheriff Not disinfected Windows Registry
Adware:adware/adrotator Not disinfected Windows Registry
Adware:adware/netword Not disinfected Windows Registry
Adware:adware/wetoffice Not disinfected windows Registry
Adware:adware/spywaresoftstop Not disinfected Windows Registry
Adware:adware/mmediapd Not disinfected Windows Registry
Adware:adware/click Not disinfected Windows Registry
Adware:adware/quantos Not disinfected Windows Registry
Spyware:spyware/browseraccelerator Not disinfected Windows Registry
Adware:adware/wmmafia Not disinfected Windows Registry
Adware:adware/sinabar Not disinfected Windows Registry
Adware:adware/psic Not disinfected Windows Registry
Adware:adware/ourxin Not disinfected windows Registry
Adware:adware/idonate Not disinfected Windows Registry
Adware:adware/brands Not disinfected Windows Registry
Adware:adware/eztracks Not disinfected Windows Registry
Adware:adware/roogoo Not disinfected Windows Registry
Adware:adware/targetad Not disinfected Windows Registry
Adware:adware/yazzle Not disinfected Windows Registry
Adware:adware/gator.gotsmiley Not disinfected Windows Registry
Adware:adware/spywarequake Not disinfected Windows Registry
Dialer:dialer.gun Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFB51760-344E-4FFB-BFFF-4B18C7AC1D63}
Potentially unwanted tool:application/seekmo Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
Adware:adware/trustin Not disinfected Windows Registry
Adware:adware/vog Not disinfected Windows Registry
Adware:adware/emediacodec Not disinfected Windows Registry
Adware:adware/flyswat Not disinfected Windows Registry
Adware:adware/ready2wear Not disinfected Windows Registry
Spyware:spyware/searchnet Not disinfected Windows Registry
Potentially unwanted tool:application/mediapipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
Adware:adware/shorty Not disinfected Windows Registry
Adware:adware/spyfalcon Not disinfected Windows Registry
Adware:adware/alfacleaner Not disinfected Windows Registry
Adware:adware/adwaresheriff Not disinfected Windows Registry
Adware:adware/confusearch Not disinfected Windows Registry
Potentially unwanted tool:application/malwarewipe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3103509-F6EC-4592-B5F2-FD862199D778}
Adware:adware/youcouldwinthis Not disinfected Windows Registry
Potentially unwanted tool:application/errorsafe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
Adware:adware/spywarestrike Not disinfected Windows Registry
Dialer:dialer.fgw Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF25B447-C0EF-49BB-97D8-D7C3FA27DF5F}
Adware:adware/fchelp Not disinfected Windows Registry
Adware:adware/rbtoolbar Not disinfected Windows Registry
Adware:adware/dropspam Not disinfected Windows Registry
Dialer:dialer.epr Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E15D681-1D20-11D4-8B72-000021DA1956}
Adware:adware/startpage.anl Not disinfected Windows Registry
Adware:adware/crystalys Not disinfected Windows Registry
Adware:adware/adwhere Not disinfected Windows Registry
Adware:adware/winhound Not disinfected Windows Registry
Adware:adware/cws.payfortraffic Not disinfected Windows Registry
Dialer:dialer.dxp Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C881E6FC-C673-4FDD-AEF8-B36DFB10E401}
Potentially unwanted tool:application/spyaxe Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
Adware:adware/enhancemsearch Not disinfected Windows Registry
Dialer:dialer.dvj Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c32ee4cb-e99f-4147-bfae-67ff3b6f8076}
Adware:adware/borlander Not disinfected Windows Registry
0
This discussion has been closed.
Comments
Unzip the program to it's own folder or to your desktop. Run the program and ask it to do a scan and save a logfile. The log will open in Notepad. Copy and paste the entire contents of the log in your next reply.
Scan saved at 6:40:21 PM, on 9/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Program Files\TooLz\hijackthis_199\HijackThis.exe
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Class - {676204C2-8410-D967-EEAC-EF62702555CC} - C:\WINDOWS\npvxc1.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101264244\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14145E0B-761F-42E1-B1C5-61BFB52DCC78}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Class - {676204C2-8410-D967-EEAC-EF62702555CC} - C:\WINDOWS\npvxc1.dll (file missing)
Close all other browsers/windows and click Fix Checked. Close Hijack This. Reboot the PC and post a fresh log.
Once updated disconnect your PC from the internet, physically. Then run a full scan with Windows Defender. I can't remember if Defender generates a log file when it is done, but if it does post it here. If not, run the Panda Scan again after the Defender scan. Post back with the Panda Scan (or Defender scan) and a fresh Hijack This log.
This should take care of any registry entries that might be spawning malware.
When all this is complete you should also consider upgrading your Windows Installation to SP2. Please visit http://windowsupdate.microsoft.com for all available updates.
I noticed you have Ewido Security Suite installed. Is it updated and is it a current version? (Ewido Anti-Malware would be my choice for the next step)
It would be my preference that if you don't want to install Defender or can't, then we should use Ewido to do a full system scan. It would also take care of the registry entries, etc. Let me know what you would like to do. Like I said there doesn't appear to be anything dangerous in your log, you just need a clean up.
Also the same entires show up on my hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 8:08:57 PM, on 9/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TooLz\hijackthis_199\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {676204C2-8410-D967-EEAC-EF62702555CC} - C:\WINDOWS\npvxc1.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101264244\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158200905484
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14145E0B-761F-42E1-B1C5-61BFB52DCC78}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Skywalker
I have spoken to a friend and he recommends that I should do the same.. All of my attempts in cleaning my computer have been unsuccesful. I would like to now how to reformat my computer and start fresh. Thanks again, for your efforts.
http://www.short-media.com/forum/forumdisplay.php?f=8