New Poly Win32 - PLEASE help...
Thread Solved
Join Date: Jan 2008
Posts: 16
Solved Threads: 0
Hi,
I'm a total computer dummy (sorry). My computer got infected with New Poly Win32. I use McAfee and it stopped working. I tried to reinstall it and it wouldn't let me. In fact, it won't let me install any of the spyware/anti-virus software that I tried to download. I could not download HijackThis nor AVG (therefore I could not run the log). I ran McAfee online scan and it showed that I have New Poly Win32 virus.
Also, I'm not able to restart the computer in the SAFE MODE (I get a blue screen with some error information). I'm completely stuck.
I will be extremely thankful if any of you walk me through the process of getting my poor, sick computer back! Thank you!
Join Date: May 2005
Posts: 3,204
Solved Threads: 188
Mmm... McAfee finds, but .....
Try this:
Clean:
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
Scan:
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
[you may now be able to dl hijackthis...try, post a log if you can].
Deep, deep in the woods, but walking about.
Join Date: Jan 2008
Posts: 16
Solved Threads: 0
Gerbil,
Thank you so much for responding.
I was able to run ATF Cleaner and Panda. After that I was able to download HijackThis. Here are the two logs from Panda and HijackThis.
Is there anything else I should do? Thank you again for your help!
Panda:
Incident Status Location
Virus:w32/bagle.hx.worm Disinfected Operating system
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Anna Wiktorowicz\Cookies\anna_wiktorowicz@tradedoubler[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Anna Wiktorowicz\Cookies\anna_wiktorowicz@zedo[1].txt
Virus:Trj/Banker.SW Disinfected C:\Program Files\Cliprex DVD Player Professional\Capthumb.dll
Spyware:Spyware/New.net Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[NNCLXA638.EXE]
Adware:Adware/eZula Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[Advtg.exe]
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[s4BarSp.exe]
Adware:Adware/nCase Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[stubinstaller.exe]
Virus:Trj/Banker.SW Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[Capthumb.dll]
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\102515.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\103171.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\107421.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\110171.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\110593.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\116375.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\117703.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\120000.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\122390.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\126750.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\127421.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\131484.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\133109.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\135078.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\138765.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\145796.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14624843.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14629406.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14640859.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14643031.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14645656.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14650078.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14651078.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14655890.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14672093.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14701859.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14705281.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14740406.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14750171.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14753781.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14850281.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14857921.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14862218.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14975750.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14991843.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14996734.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\15078046.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\15087031.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\15092671.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\151625.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\1542234.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\1565859.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\1579671.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\160187.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\162328.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\168578.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\178265.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\218625.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29144906.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29147453.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29152265.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29154078.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29154671.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29155109.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29177234.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29183203.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29189546.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29437000.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29521640.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29532250.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\324906.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\343828.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\350625.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\43686828.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\43700031.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\43714640.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\44033140.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\44041515.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\505218.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\524296.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\529718.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\58579687.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\58586000.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\68671.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\69812.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\73103703.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\73111890.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\73120375.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\80625.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\82656.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\84296.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\85390.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\87623593.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\87634500.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\89312.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\92843.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\95609.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\95812.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\mdelk.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\wintems.exe
Possible Virus. Not disinfected F:\Incoming\Portable GIMP2.2.10 Beta 1 (Multilingual)-portable_gimp_2.2.10_beta1_multilingual.zip[PortableGIMP/gimp/lib/gimp/2.0/plug-ins/webbrowser.exe]
------------------------------------------------------------------------------------------
And HiJackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 6:57:05 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anna Wiktorowicz\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Application Data\CyberDefender\ssstbar.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Application Data\CyberDefender\ssstbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Application Data\CyberDefender\ssstbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\RunOnce: [Panda_cleaner] C:\WINDOWS\system32\ACTIVE~1\pavdr.exe C:\WINDOWS\system32\pavdr_actions.sys
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=f9ed62d2-da20-4818-96d8-7b95c72b662d
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...16/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
Thanks again!
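The Panda report above is long, but only a few of its lines matter for the next step: the "Not disinfected" entries, and the fact that most hits sit in one drop directory or inside one installer. The script below is an added example, not something posted in this thread or shipped by Panda; it parses the report format as the log shows it (one "Category:Name Status Location" record per line, with "container[member]" for detections inside an archive or installer) and summarises what still needs a human. The sample lines are a constructed excerpt of the posted log with the user name and the GIMP archive name shortened to placeholders.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed excerpt modelled on the Panda ActiveScan report posted above.
# "User" and "portable_gimp.zip" are placeholders, not the poster's real paths.
SAMPLE_LOG = r"""
Incident Status Location
Virus:w32/bagle.hx.worm Disinfected Operating system
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\User\Cookies\user@tradedoubler[2].txt
Virus:Trj/Banker.SW Disinfected C:\Program Files\Cliprex DVD Player Professional\Capthumb.dll
Spyware:Spyware/New.net Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[NNCLXA638.EXE]
Adware:Adware/eZula Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[Advtg.exe]
Virus:Trj/Banker.SW Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[Capthumb.dll]
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\102515.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\103171.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\wintems.exe
Possible Virus. Not disinfected F:\Incoming\portable_gimp.zip[PortableGIMP/gimp/lib/gimp/2.0/plug-ins/webbrowser.exe]
"""

# The incident text and the location can both contain spaces, so the status
# column (only the two values seen in the posted report) anchors the split.
RECORD_RE = re.compile(r"^(?P<incident>.+?) (?P<status>Not disinfected|Disinfected) (?P<location>.+)$")
# Panda writes a detection inside an archive or installer as "container[member]".
NESTED_RE = re.compile(r"^(?P<container>.+?)\[(?P<member>[^\]]+)\]$")


@dataclass(frozen=True)
class Incident:
    category: str             # "Virus", "Spyware", "Adware", ... ("Other" when no prefix)
    name: str                 # detection name, e.g. "W32/Bagle.RC.worm"
    status: str               # "Disinfected" or "Not disinfected"
    location: str             # location column verbatim
    container: Optional[str]  # archive/installer the hit sat inside, if any
    member: Optional[str]     # the nested member that was flagged, if any


def parse_panda_log(text: str) -> List[Incident]:
    """Turn report text into Incident records; the header and non-record lines are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RECORD_RE.match(line)
        if not line or line.startswith("Incident ") or not m:
            continue
        incident = m.group("incident")
        category, sep, name = incident.partition(":")
        if not sep:  # e.g. "Possible Virus." has no category prefix
            category, name = "Other", incident
        location = m.group("location")
        nested = NESTED_RE.match(location)
        records.append(Incident(category, name, m.group("status"), location,
                                nested.group("container") if nested else None,
                                nested.group("member") if nested else None))
    return records


def triage(records: List[Incident]) -> dict:
    """Counts per status, the items still needing a human, and directories holding
    two or more detections (a downloader's drop folder shows up exactly this way)."""
    by_status = Counter(r.status for r in records)
    follow_up = [r for r in records if r.status != "Disinfected"]
    per_dir = Counter()
    for r in records:
        path = r.container or r.location
        if "\\" in path:  # "Operating system" and similar non-path locations are skipped
            per_dir[str(PureWindowsPath(path).parent)] += 1
    hot_dirs = {d: n for d, n in per_dir.items() if n >= 2}
    return {"by_status": dict(by_status), "follow_up": follow_up, "hot_dirs": hot_dirs}


def files_needing_action(records: List[Incident]) -> set:
    """Files that still carry undisinfected content. Several hits inside the same
    installer collapse to that one file, which is what actually has to be removed."""
    return {r.container or r.location for r in records if r.status != "Disinfected"}


if __name__ == "__main__":
    recs = parse_panda_log(SAMPLE_LOG)
    summary = triage(recs)
    print("records:", len(recs), "status counts:", summary["by_status"])
    for d, n in sorted(summary["hot_dirs"].items(), key=lambda kv: -kv[1]):
        print(f"{n:3d} detections under {d}")
    print("still to handle:")
    for f in sorted(files_needing_action(recs)):
        print("  ", f)
```

Run against the full report as posted, the same logic collapses the roughly ninety Bagle entries into one drop directory under SYSTEM32\DRIVERS and the five "Not disinfected" hits inside Cdvd.exe into that single installer, which is the list a helper would actually ask the user to deal with next.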
Possible Virus. Not disinfected F:\Incoming\Portable GIMP2.2.10 Beta 1 (Multilingual)-portable_gimp_2.2.10_beta1_multilingual.zip[PortableGIMP/gimp/lib/gimp/2.0/plug-ins/webbrowser.exe]
------------------------------------------------------------------------------------------
And HiJackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 6:57:05 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anna Wiktorowicz\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Application Data\CyberDefender\ssstbar.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Application Data\CyberDefender\ssstbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Application Data\CyberDefender\ssstbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\RunOnce: [Panda_cleaner] C:\WINDOWS\system32\ACTIVE~1\pavdr.exe C:\WINDOWS\system32\pavdr_actions.sys
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=f9ed62d2-da20-4818-96d8-7b95c72b662d
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...16/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
Thanks again!
Join Date: May 2005
Posts: 3,204
Solved Threads: 188
Anna, that looks like a good cleaning by Panda... I suspected the Bagle worm from your symptoms..
=Be VERY wary of this [from eZula?]:
Possible Virus. Not disinfected F:\Incoming\Portable GIMP2.2.10 Beta 1 (Multilingual)-portable_gimp_2.2.10_beta1_multilingual.zip[PortableGIMP/gimp/lib/gimp/2.0/plug-ins/webbrowser.exe]
=C:\Program Files\Sciagniete\Cdvd.exe - to me this does not look like the Cliprex mp3 player...? Is it? Panda gives several different warnings for it at the top of the report. Seems doubtful to me, my advice would be to uninstall it via Add/remove pgms.
=I see that you have MyWay Search Assistant [there, courtesy DELL]. You can get rid of it if you wish...
First see if it is listed in Add/Remove pgms list - remove it if able, then..
Go start > run, paste:
MsiExec.exe /X {78d944d7-a97b-4004-ab0a-b5ad06839940} -and Enter. If it is found click yes at the prompt.
Next delete the MyWay files/folder in Program Files [use myway as a search string...].
=Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
Good. Now delete your copy of hijackthis, and download this: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop.
-in that folder start HijackThis by double-clicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Deep, deep in the woods, but walking about.
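The selection rules the helper applied by hand above (orphaned hooks with "(no file)", buttons with "(file missing)", O16 DPF entries with no download URL, and search settings pointing at MyWay) can be applied mechanically. The script below is an added example, not code from the thread or from HijackThis itself; it parses the "Rn - ..." / "On - ..." entry format of the posted logs and flags the same entries. The sample input is a constructed subset of the log posted in this thread, with the user profile folder shortened to "user".

```python
"""Triage a HijackThis (HJT) log the way the helper in this thread did by hand.

Added example; not code from the thread or from HijackThis. It flags:
  * entries whose target is "(no file)" (orphaned CLSID),
  * O9 buttons whose target is "(file missing)",
  * O16 DPF entries with no download URL after the CLSID,
  * R0/R1 search/start-page settings pointing at an unwanted provider
    (myway.com, the MyWay Search Assistant discussed in the thread).
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of the entries posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\user\Local Settings\Application Data\CyberDefender\ssstbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

# "R1 - ..." / "O16 - ..." lines; process lists and headers do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Hosts whose presence in an IE search/start-page setting is unwanted here.
# The thread's case is MyWay; extend per your own policy (assumption).
UNWANTED_SEARCH_HOSTS = ("myway.com",)


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "R1", "O9", "O16"
    body: str      # everything after "Rn - "

    @property
    def line(self) -> str:
        return f"{self.section} - {self.body}"


def parse_log(text: str) -> list:
    """Return the HJT entries found in text, in log order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def _search_target_host(body: str) -> str:
    """Hostname of the value right of ' = ' in an R0/R1 entry, else ''."""
    _, sep, value = body.partition(" = ")
    if not sep:
        return ""
    return (urlparse(value.strip()).hostname or "").lower()


def _host_matches(host: str, wanted: str) -> bool:
    return host == wanted or host.endswith("." + wanted)


def triage(entry: Entry) -> list:
    """Reasons this entry should be fixed; an empty list means leave it."""
    reasons = []
    body = entry.body.rstrip()
    if body.endswith("(no file)"):
        reasons.append("orphaned entry: CLSID has no file on disk")
    if body.endswith("(file missing)"):
        reasons.append("target file is missing")
    if entry.section == "O16" and body.endswith("-"):
        reasons.append("DPF entry with no download URL")
    if entry.section in ("R0", "R1"):
        host = _search_target_host(body)
        for unwanted in UNWANTED_SEARCH_HOSTS:
            if host and _host_matches(host, unwanted):
                reasons.append(f"search setting points at {unwanted}")
    return reasons


def fix_candidates(text: str) -> list:
    """(entry line, reasons) for every flagged entry, in log order."""
    out = []
    for entry in parse_log(text):
        reasons = triage(entry)
        if reasons:
            out.append((entry.line, reasons))
    return out


def fix_list(text: str) -> str:
    """Flagged entries in HJT line format, ready to paste into a reply."""
    return "\n".join(line for line, _ in fix_candidates(text))


if __name__ == "__main__":
    for line, reasons in fix_candidates(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

On the sample it flags exactly the four entries the helper listed for Fix Checked and leaves the Messenger button, the Java BHO and the Microsoft search page alone.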
also you need to do this READ CAREFULLY....
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning: running option #2 on a non-infected computer will remove your Desktop background.
Join Date: Jan 2008
Posts: 16
Solved Threads: 0
Gerbil and Overwhelmed,
I don't know how to thank you but really thanks for all the trouble you go through to help. I really appreciate it!
I did as you said with HJT and after that I scanned via McAfee website. Here is what it showed:
C:\WINDOWS\SYSTEM32\mdelk.exe New Poly Win32.
I could not install HJT, so I ran it from temp files. I still cannot download any software to my computer. I'm not sure how the system works, but it looks like some files were corrupted to prevent me from downloading anything to my computer.
Also, I cannot reboot in the SAFE MODE to follow Overwhelmed's steps (Thank you for trying to help, Overwhelmed!). I get an error message on a blue screen right after I press F8 and choose “restart in the safe mode” - then I have to reboot again. Grrr...
Here is the HiJackThisLog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:39 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Temporary Internet Files\Content.IE5\D9B7U88A\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=f9ed62d2-da20-4818-96d8-7b95c72b662d
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...17/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 12692 bytes
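As an added example that is not part of the thread or of HijackThis itself, here is a small Python parser for the O4, O9 and O23 lines in a log like the one above. It recovers the program each entry launches (quoted paths, unquoted paths with spaces, and commands without an extension) and flags the entry types that usually get a second look when a log is reviewed: services with an unknown owner, registrations whose file is missing, and commands with no program extension. The sample lines are copied from the log above; the flag names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of lines in the shape of the HijackThis v2.0.2 log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

@dataclass
class Entry:
    section: str                 # "O4", "O9" or "O23"
    location: str                # registry key, startup folder, CLSID or service owner
    name: str                    # [value name], .lnk name, button caption or service name
    binary: str                  # program path with arguments and "(User ...)" suffix removed
    flags: List[str] = field(default_factory=list)

RUN_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$")
BUTTON_RE = re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - \{(?P<loc>[0-9A-Fa-f-]+)\} - (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<loc>.*?) - (?P<cmd>.*)$")
# Shortest prefix ending in a program extension that is followed by whitespace or end of string,
# so "C:\Program Files\Support.com\bin\tgcmd.exe /server" yields the .exe, not "Support.com".
EXE_RE = re.compile(r"^(?P<p>.*?\.(?:exe|com|dll|scr|pif|bat|cmd))(?=\s|$)", re.IGNORECASE)

def binary_of(cmd: str) -> str:
    """Recover the program path from the command half of an O4/O9/O23 line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: everything up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    if m:
        return m.group("p")
    return cmd.split()[0] if cmd else ""         # e.g. %systemroot%\system32\dumprep 0 -u

def parse_line(line: str) -> Optional[Entry]:
    line = line.rstrip()
    for section, rx in (("O4", RUN_RE), ("O4", STARTUP_RE), ("O9", BUTTON_RE), ("O23", SERVICE_RE)):
        m = rx.match(line)
        if m:
            e = Entry(section, m.group("loc"), m.group("name"), binary_of(m.group("cmd")))
            if section == "O23" and e.location == "Unknown owner":
                e.flags.append("unknown-owner")  # HJT could not read a publisher from the binary
            if "(file missing)" in line:
                e.flags.append("file-missing")   # registration points at a file that is gone
            if not EXE_RE.match(e.binary) and not e.binary.lower().startswith(("http://", "https://")):
                e.flags.append("no-extension")   # launched without an explicit program extension
            return e
    return None

def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]

def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries carrying at least one flag; everything else is checked by path and vendor."""
    return [e for e in entries if e.flags]

if __name__ == "__main__":
    for e in needs_review(parse_log(SAMPLE_LOG)):
        print(e.section, e.name, e.binary, e.flags)
```

A flag is a prompt to look, not a verdict: the dumprep entry it flags here is a standard Windows component, which is why the remaining entries still have to be checked against the path and vendor shown in the log.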
I don't know how to thank you but really thanks for all the trouble you go through to help. I really appreciate it!
Join Date: May 2005
Posts: 3,204
Solved Threads: 188
Hello, Anna, could you dl and run this please:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- To run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Deep, deep in the woods, but walking about.
Join Date: Jan 2008
Posts: 16
Solved Threads: 0
Hello, Anna, could you dl and run this please:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- To run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.