Disinfecting a PC… part 10



Before I get things wrapped up, I like to scan rinse and repeat until the scans come up clean. So, this scan of AVG gives a chance to delete the archive entry I mentioned the first pass it took. And spybot get’s updated from the internet and re-runs. All looks clean there… Ad-aware get’s an update check and runs again. Everything there looks clean now. The next thing to do is disable and uninstall tightvnc, I don’t want to leave bhodemon running at boot or the tea-timer from spybot now that things are fairly settled.


I also reset the Windows default theme (had been white text) and discover that was the cause of the missing checkboxes in the folder view settings window.

So, for old times sake here’s a hit of the highlights that the last scan to find anything interesting came up with…. here’s ad-aware’s quarantine. (minus the (long list) cookies).

ArchiveData(auto-quarantine- 2005-12-08 23-47-00.bckp)
Referencefile : SE1R78 07.12.2005

HI-WIRE

obj[0]=Regkey : clsid{28f00b04-dc4e-11d3-abec-005004a44eeb}
obj[1]=Regkey : clsid{28f00b0f-dc4e-11d3-abec-005004a44eeb}
obj[2]=Regkey : clsid{28f00b20-dc4e-11d3-abec-005004a44eeb}
obj[3]=Regkey : clsid{28f00b21-dc4e-11d3-abec-005004a44eeb}
obj[4]=Regkey : hiwire.configurator
obj[5]=Regkey : hiwire.configurator.1
obj[6]=Regkey : hiwire.register
obj[7]=Regkey : hiwire.register.1
obj[8]=Regkey : hiwire.transportcenter
obj[9]=Regkey : hiwire.transportcenter.1
obj[10]=Regkey : hiwire.userregrequest
obj[11]=Regkey : hiwire.userregrequest.1
obj[13]=Regkey : .DEFAULTsoftwarehiwire

404SEARCH

obj[12]=Regkey : .DEFAULTsoftwaresearch404
obj[471]=Folder : C:Program Files404Search
obj[536]=File : C:Program Files404search404Search.CAB
obj[537]=File : C:Program Files404searchmsvcr71.dll
obj[538]=File : C:Program Files404search404Search.dll
obj[539]=File : C:WINDOWSSYSTEMK404SearchSetup_MS18.exe

SECONDTHOUGHT

obj[14]=Regkey : .DEFAULTsoftwarestcclient
obj[472]=Regkey : softwarestc
obj[473]=Regkey : .defaultsoftwarestc
obj[474]=Folder : C:Program FilesSTC
obj[475]=Folder : c:\temporary
obj[481]=File : c:WINDOWSSYSTEMIdleUI.dll
obj[534]=File : c:Program FilesSTCSTC.exe
obj[540]=File : C:Program Filesstczilla.exe
obj[541]=File : C:Program Filesstctvmedia.exe
obj[542]=File : C:Program Filesstcbookedspace.exe
obj[543]=File : C:Program Filesstcwebrebates.exe
obj[544]=File : C:Program Filesstcmsbb_install.exe
obj[545]=File : C:Program Filesstcspywarelabs.exe
obj[546]=File : C:Program Filesstcmindset.exe
obj[547]=File : C:Program Filesstcezula.exe
obj[548]=File : C:Program Filesstcbundles.exe
obj[549]=File : C:Program Filesstcbundles53.exe
obj[550]=File : C:Program Filesstcbundles118.exe
obj[551]=File : c:temporaryinstall201.exe

ADROTATOR

obj[15]=Regkey : softwaremwsvm
obj[16]=RegValue : softwaremwsvm “dpk”
obj[17]=Regkey : softwareslmss
obj[18]=RegValue : softwareslmss “element”
obj[19]=RegValue : softwareslmss “1″
obj[20]=RegValue : softwareslmss “33″
obj[21]=RegValue : softwareslmss “25″
obj[22]=RegValue : softwareslmss “5″
obj[23]=RegValue : softwareslmss “3″
obj[483]=File : c:WINDOWSSYSTEMpuswxd.exe
obj[484]=File : c:WINDOWSSYSTEMpuswxc.exe
obj[527]=File : c:WINDOWSmwsvm.ocx
obj[528]=File : c:WINDOWSmwsvm.bin
obj[529]=File : c:WINDOWSurls.bin
obj[530]=File : c:WINDOWSvurls.bin
obj[533]=File : c:RecycledDc59.exe
obj[552]=File : C:WINDOWSSYSTEMhiwinnager.dat
obj[553]=File : C:WINDOWSmwsvm.dat
obj[554]=File : C:WINDOWSse255.dat
obj[555]=File : C:WINDOWSse633.dat
obj[556]=File : C:WINDOWSse383.dat
obj[557]=File : C:WINDOWSse834.dat
obj[558]=File : C:WINDOWSsearchen.dat
obj[559]=File : C:WINDOWSse80.dat
obj[560]=File : C:WINDOWSse410.dat
obj[561]=File : C:WINDOWSse639.dat
obj[562]=File : C:WINDOWSse971.dat
obj[563]=File : C:WINDOWSse701.dat
obj[564]=File : C:WINDOWSse20.dat
obj[565]=File : C:WINDOWSse102.dat
obj[566]=File : C:WINDOWSse804.dat
obj[567]=File : C:WINDOWSse964.dat
obj[568]=File : C:WINDOWSse473.dat
obj[569]=File : C:WINDOWSse71.dat
obj[570]=File : C:WINDOWSse738.dat
obj[571]=File : C:WINDOWSse941.dat
obj[572]=File : C:WINDOWSse525.dat
obj[573]=File : C:WINDOWSse789.dat
obj[574]=File : C:WINDOWSse920.dat
obj[575]=File : C:WINDOWSse106.dat
obj[576]=File : C:WINDOWSse323.dat
obj[577]=File : C:WINDOWSse426.dat
obj[578]=File : C:WINDOWSse496.dat
obj[579]=File : C:WINDOWSse358.dat
obj[580]=File : C:WINDOWSse876.dat
obj[581]=File : C:WINDOWSse244.dat
obj[582]=File : C:WINDOWSse136.dat
obj[583]=File : C:WINDOWSse517.dat
obj[584]=File : C:WINDOWSse271.dat
obj[585]=File : C:WINDOWSse256.dat
obj[586]=File : C:WINDOWSse822.dat
obj[587]=File : C:WINDOWSse94.dat
obj[588]=File : C:WINDOWSse86.dat
obj[589]=File : C:WINDOWSse404.dat
obj[590]=File : C:WINDOWSse160.dat
obj[591]=File : C:WINDOWSse978.dat
obj[592]=File : C:WINDOWSse577.dat
obj[593]=File : C:WINDOWSse611.dat
obj[594]=File : C:WINDOWSse139.dat
obj[595]=File : C:WINDOWSse123.dat
obj[596]=File : C:WINDOWSse320.dat
obj[597]=File : C:WINDOWSse476.dat
obj[598]=File : C:WINDOWSse377.dat
obj[599]=File : C:WINDOWSse951.dat
obj[600]=File : C:WINDOWSse423.dat
obj[601]=File : C:WINDOWSse242.dat
obj[602]=File : C:WINDOWSse970.dat
obj[603]=File : C:WINDOWSse571.dat
obj[604]=File : C:WINDOWSse866.dat
obj[605]=File : C:WINDOWSse658.dat
obj[606]=File : C:WINDOWSse865.dat
obj[607]=File : C:WINDOWSse880.dat
obj[608]=File : C:WINDOWSse325.dat
obj[609]=File : C:WINDOWSse78.dat
obj[610]=File : C:WINDOWSse769.dat
obj[611]=File : C:WINDOWSse704.dat
obj[612]=File : C:WINDOWSse652.dat
obj[613]=File : C:WINDOWSse262.dat
obj[614]=File : C:WINDOWSse317.dat
obj[615]=File : C:WINDOWSse241.dat
obj[616]=File : C:WINDOWSse138.dat
obj[617]=File : C:WINDOWSse933.dat
obj[618]=File : C:WINDOWSse677.dat
obj[619]=File : C:WINDOWSse671.dat
obj[620]=File : C:WINDOWSse818.dat
obj[621]=File : C:WINDOWSse380.dat
obj[622]=File : C:WINDOWSse938.dat
obj[623]=File : C:WINDOWSse434.dat
obj[624]=File : C:WINDOWSse374.dat
obj[625]=File : C:WINDOWSse790.dat
obj[626]=File : C:WINDOWSse132.dat
obj[627]=File : C:WINDOWSse369.dat
obj[628]=File : C:WINDOWSse872.dat
obj[629]=File : C:WINDOWSse133.dat
obj[630]=File : C:WINDOWSse129.dat
obj[631]=File : C:WINDOWSse808.dat
obj[632]=File : C:WINDOWSse8.dat
obj[633]=File : C:WINDOWSse163.dat
obj[634]=File : C:WINDOWSse782.dat
obj[635]=File : C:WINDOWSse268.dat
obj[636]=File : C:WINDOWSse670.dat
obj[637]=File : C:WINDOWSse537.dat
obj[638]=File : C:WINDOWSse67.dat
obj[639]=File : C:WINDOWSse376.dat
obj[640]=File : C:WINDOWSse161.dat
obj[641]=File : C:WINDOWSse620.dat
obj[642]=File : C:WINDOWSse631.dat
obj[643]=File : C:WINDOWSse5.dat
obj[644]=File : C:WINDOWSse692.dat
obj[645]=File : C:WINDOWSse833.dat
obj[646]=File : C:WINDOWSse438.dat
obj[647]=File : C:WINDOWSse134.dat
obj[648]=File : C:WINDOWSse96.dat
obj[649]=File : C:WINDOWSse867.dat
obj[650]=File : C:WINDOWSse884.dat
obj[651]=File : C:WINDOWSse251.dat
obj[652]=File : C:WINDOWSse913.dat
obj[653]=File : C:WINDOWSse805.dat
obj[654]=File : C:WINDOWSse145.dat
obj[655]=File : C:WINDOWSse605.dat
obj[656]=File : C:WINDOWSse868.dat
obj[657]=File : C:WINDOWSse419.dat
obj[658]=File : C:WINDOWSse647.dat
obj[659]=File : C:WINDOWSse58.dat
obj[660]=File : C:WINDOWSse921.dat
obj[661]=File : C:WINDOWSse177.dat
obj[662]=File : C:WINDOWSse13.dat
obj[663]=File : C:WINDOWSse975.dat
obj[664]=File : C:WINDOWSse777.dat
obj[665]=File : C:WINDOWSse1.dat
obj[666]=File : C:WINDOWSse915.dat
obj[667]=File : C:WINDOWSse412.dat
obj[668]=File : C:WINDOWSse40.dat
obj[669]=File : C:WINDOWSse181.dat
obj[670]=File : C:WINDOWSse840.dat
obj[671]=File : C:WINDOWSse182.dat
obj[672]=File : C:WINDOWSse63.dat
obj[673]=File : C:WINDOWSse21.dat
obj[674]=File : C:WINDOWSse852.dat
obj[675]=File : C:WINDOWSse835.dat
obj[676]=File : C:WINDOWSse923.dat
obj[677]=File : C:WINDOWSse590.dat
obj[678]=File : C:WINDOWSse595.dat
obj[679]=File : C:WINDOWSse629.dat
obj[680]=File : C:WINDOWSse651.dat
obj[681]=File : C:WINDOWSse411.dat
obj[682]=File : C:WINDOWSse696.dat
obj[683]=File : C:WINDOWSse194.dat
obj[684]=File : C:WINDOWSse765.dat
obj[685]=File : C:WINDOWSse703.dat
obj[686]=File : C:WINDOWSse151.dat
obj[687]=File : C:WINDOWSse463.dat
obj[688]=File : C:WINDOWSse141.dat
obj[689]=File : C:WINDOWSse165.dat
obj[690]=File : C:WINDOWSse541.dat
obj[691]=File : C:WINDOWSse773.dat
obj[692]=File : C:WINDOWSse235.dat
obj[693]=File : C:WINDOWSse270.dat
obj[694]=File : C:WINDOWSse198.dat
obj[695]=File : C:WINDOWSse486.dat
obj[696]=File : C:WINDOWSse791.dat
obj[697]=File : C:WINDOWSse87.dat
obj[698]=File : C:WINDOWSse213.dat
obj[699]=File : C:WINDOWSse22.dat
obj[700]=File : C:WINDOWSse972.dat
obj[701]=File : C:WINDOWSse903.dat
obj[702]=File : C:WINDOWSse208.dat
obj[703]=File : C:WINDOWSse778.dat
obj[704]=File : C:WINDOWSse657.dat
obj[705]=File : C:WINDOWSse38.dat
obj[706]=File : C:WINDOWSse666.dat
obj[707]=File : C:WINDOWSse109.dat
obj[708]=File : C:WINDOWSse801.dat
obj[709]=File : C:WINDOWSse41.dat
obj[710]=File : C:WINDOWSse935.dat
obj[711]=File : C:WINDOWSse276.dat
obj[712]=File : C:WINDOWSse315.dat
obj[713]=File : C:WINDOWSse718.dat
obj[714]=File : C:WINDOWSse676.dat
obj[715]=File : C:WINDOWSse588.dat
obj[716]=File : C:WINDOWSse474.dat
obj[717]=File : C:WINDOWSse937.dat
obj[718]=File : C:WINDOWSse373.dat
obj[719]=File : C:WINDOWSse924.dat
obj[720]=File : C:WINDOWSse459.dat
obj[721]=File : C:WINDOWSse583.dat
obj[722]=File : C:WINDOWSse722.dat
obj[723]=File : C:WINDOWSse927.dat
obj[724]=File : C:WINDOWSse700.dat
obj[725]=File : C:WINDOWSse226.dat

ALEXA

obj[24]=Regkey : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a}
obj[25]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “MenuStatusBar”
obj[26]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “Script”
obj[27]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “clsid”
obj[28]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “Icon”
obj[29]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “HotIcon”
obj[30]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “ButtonText”
obj[31]=RegValue : .DEFAULTsoftwaremicrosoftinternet explorerextensionscmdmapping “{c95fe080-8f5d-11d2-a20b-00aa003c157a}”

FAVORITEMAN

obj[32]=RegValue : .DEFAULTsoftwaremicrosoftwindows “Counter”
obj[33]=RegValue : .DEFAULTsoftwaremicrosoftwindows “Server”
obj[34]=RegValue : .DEFAULTsoftwaremicrosoftwindows “Object”
obj[726]=File : C:WINDOWSSYSTEMim64.dll
obj[727]=File : C:WINDOWSSYSTEMsetup_incred_6.exe

TVMEDIA

obj[35]=RegValue : .DEFAULTsoftwaremicrosoftinternet explorerurlsearchhooks “{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}”
obj[36]=RegValue : softwaremicrosoftinternet explorerurlsearchhooks “{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}”
obj[476]=Folder : C:Program FilesTV Media

VX2

obj[477]=RegValue : softwaremicrosoftinternet explorermedia “data”
obj[478]=Folder : C:WINDOWSFavoritesAT-Games
obj[480]=File : c:WINDOWSSYSTEMTSP8.EXE
obj[494]=File : c:WINDOWSTEMPjkill.exe
obj[526]=File : c:WINDOWSbundlesthin-8-1-x-x.exe
obj[728]=File : C:WINDOWSFavoritesat-gamesGamehouse Games.url
obj[729]=File : C:WINDOWSFavoritesat-gamesBig Fish Games.url
obj[730]=File : C:WINDOWSFavoritesat-gamesFlyorDie Games.url

SERVERLOGIC.HYPERLINKER

obj[479]=RegData : softwaremicrosoftinternet explorermain “Use Search Asst”
obj[482]=File : c:WINDOWSSYSTEMlmf32.dll

BROADCASTPC

obj[485]=File : c:WINDOWSTEMPGLME0F3.TMP
obj[486]=File : c:WINDOWSTEMPGLM6172.TMP
obj[487]=File : c:WINDOWSTEMPGLM11D2.TMP
obj[488]=File : c:WINDOWSTEMPGLM9204.TMP
obj[489]=File : c:WINDOWSTEMPGLMD395.TMP
obj[490]=File : c:WINDOWSTEMPGLM21B3.TMP
obj[491]=File : c:WINDOWSTEMPGLMD1F3.TMP
obj[492]=File : c:WINDOWSTEMPGLM6033.TMP
obj[493]=File : c:WINDOWSTEMPGLM3365.TMP
obj[496]=File : c:WINDOWSTEMPGLM1141.TMP
obj[497]=File : c:WINDOWSTEMPGLM380.TMP
obj[498]=File : c:WINDOWSTEMPGLM4363.TMP
obj[499]=File : c:WINDOWSTEMPGLM51D1.TMP
obj[500]=File : c:WINDOWSTEMPGLMD1A1.TMP
obj[501]=File : c:WINDOWSTEMPGLM8322.TMP
obj[502]=File : c:WINDOWSTEMPGLMF340.TMP
obj[503]=File : c:WINDOWSTEMPGLM2305.TMP
obj[504]=File : c:WINDOWSTEMPGLM2F6.TMP
obj[505]=File : c:WINDOWSTEMPGLM5105.TMP
obj[506]=File : c:WINDOWSTEMPGLM23A3.TMP
obj[507]=File : c:WINDOWSTEMPGLMB025.TMP
obj[508]=File : c:WINDOWSTEMPGLM63A1.TMP
obj[509]=File : c:WINDOWSTEMPGLM8122.TMP
obj[510]=File : c:WINDOWSTEMPGLMD0A2.TMP
obj[511]=File : c:WINDOWSTEMPGLM92D3.TMP
obj[512]=File : c:WINDOWSTEMPGLM31B0.TMP
obj[513]=File : c:WINDOWSTEMPGLM3B3.TMP
obj[514]=File : c:WINDOWSTEMPGLM1B1.TMP
obj[515]=File : c:WINDOWSTEMPGLMC0E3.TMP
obj[516]=File : c:WINDOWSTEMPGLM2010.TMP
obj[517]=File : c:WINDOWSTEMPGLM70E1.TMP
obj[518]=File : c:WINDOWSTEMPGLME0F5.TMP
obj[519]=File : c:WINDOWSTEMPGLM281.TMP
obj[520]=File : c:WINDOWSTEMPGLM8172.TMP
obj[521]=File : c:WINDOWSTEMPGLM31C0.TMP
obj[522]=File : c:WINDOWSTEMPGLM3364.TMP
obj[523]=File : c:WINDOWSTEMPGLM92D0.TMP
obj[524]=File : c:WINDOWSTEMPGLM1090.TMP

TOPMOXIE

obj[495]=File : c:WINDOWSTEMPdjtopr1150.exe
obj[525]=File : c:WINDOWSbundlesWebRebates_Auto_InstallSilent.exe

BOOKEDSPACE

obj[531]=File : c:WINDOWSbxxs5.dll
obj[731]=File : C:WINDOWSbsx32.ini

ZOOMBAR

obj[532]=File : c:WINDOWSXrdkbklj.dll

POSSIBLE BROWSER HIJACK ATTEMPT

obj[535]=File : C:WINDOWSFavoritesAT-GamesGamehouse Games.url

Well, that was the quarantine, several other reboots/scans without anything interesting so it’s time to pull out the network card and send it back.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Virus Doctor (or Remove VirusDoctor) | Virus Doctor Removal It looks as though that Virus Doctor (or Virusdoctor) is an older rogue antivirus application, but since it seems related to the search I was seeing lot's of last night about rootscan.info I thought I would devote an article to the removal instructions for virus doctor. Since it may be......
  • Preventing the automatic update to Internet Explorer 7 Internet Explorer 7 is set to be released this month (October 2006) and it will likely be an automatic update for Windows users either November or December of this year. (I'm thinking November.) Now, it's been a long time in the making, at one point Microsoft said there wouldn't be......
  • How to Remove Total PC Defender | Total PC Defender Removal Guide Total PC Defender is a rogue antivirus application that installs via malware and trojans. The software then runs each time the system boots and will run a fake scan that is designed to scare the user. This scan will find security problems, numerous viruses and they will further claim that......
Blog Traffic Exchange Related Websites
  • What is Bankruptcy? Understand the process of bankruptcy before you file the forms by yourself or with an attorney. To start the process of bankruptcy, a person with an unwieldy amount of debt files for bankruptcy in the nearest court. This process is normally done with the help of attorney, a person is......
  • The Different Styles and Designs of Lateral File Cabinets Filing Cabinets If you have a home office area that needs an efficient filing system, you might want to purchase a lateral file cabinet. Actually, this is the traditional style of a tall cabinet which comes with several easy to pull out drawers. It is commonly available in metal and......
  • FTP And Other File Transfer Tools In Web Hosting Anything related to the Internet or computers is bound to introduce technical issues pretty soon. One of the earliest that novice web site owners encounter is FTP, which is an acronym for File Transfer Protocol. Seeing it spelled out, it's easy to see why those in the know quickly move......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site