Disinfecting a PC… part 10



Before I get things wrapped up, I like to scan, rinse and repeat until the scans come up clean. So, this scan of AVG gives a chance to delete the archive entry I mentioned on the first pass it took. And Spybot gets updated from the internet and re-runs. All looks clean there… Ad-aware gets an update check and runs again. Everything there looks clean now. The next thing to do is disable and uninstall TightVNC; I don’t want to leave BHODemon running at boot or the TeaTimer from Spybot now that things are fairly settled.


I also reset the Windows default theme (it had been white text) and discovered that was the cause of the missing checkboxes in the folder view settings window.

So, for old times’ sake, here’s a hit of the highlights that the last scan to find anything interesting came up with… Here’s Ad-aware’s quarantine (minus the long list of cookies).

ArchiveData(auto-quarantine- 2005-12-08 23-47-00.bckp)
Referencefile : SE1R78 07.12.2005


Well, that was the quarantine. Several other reboots/scans turned up nothing interesting, so it’s time to pull out the network card and send it back.
