Disinfecting a PC… part 10



Before I get things wrapped up, I like to scan rinse and repeat until the scans come up clean. So, this scan of AVG gives a chance to delete the archive entry I mentioned the first pass it took. And spybot get’s updated from the internet and re-runs. All looks clean there… Ad-aware get’s an update check and runs again. Everything there looks clean now. The next thing to do is disable and uninstall tightvnc, I don’t want to leave bhodemon running at boot or the tea-timer from spybot now that things are fairly settled.


I also reset the Windows default theme (had been white text) and discover that was the cause of the missing checkboxes in the folder view settings window.

So, for old times sake here’s a hit of the highlights that the last scan to find anything interesting came up with…. here’s ad-aware’s quarantine. (minus the (long list) cookies).

ArchiveData(auto-quarantine- 2005-12-08 23-47-00.bckp)
Referencefile : SE1R78 07.12.2005

HI-WIRE

obj[0]=Regkey : clsid{28f00b04-dc4e-11d3-abec-005004a44eeb}
obj[1]=Regkey : clsid{28f00b0f-dc4e-11d3-abec-005004a44eeb}
obj[2]=Regkey : clsid{28f00b20-dc4e-11d3-abec-005004a44eeb}
obj[3]=Regkey : clsid{28f00b21-dc4e-11d3-abec-005004a44eeb}
obj[4]=Regkey : hiwire.configurator
obj[5]=Regkey : hiwire.configurator.1
obj[6]=Regkey : hiwire.register
obj[7]=Regkey : hiwire.register.1
obj[8]=Regkey : hiwire.transportcenter
obj[9]=Regkey : hiwire.transportcenter.1
obj[10]=Regkey : hiwire.userregrequest
obj[11]=Regkey : hiwire.userregrequest.1
obj[13]=Regkey : .DEFAULTsoftwarehiwire

404SEARCH

obj[12]=Regkey : .DEFAULTsoftwaresearch404
obj[471]=Folder : C:Program Files404Search
obj[536]=File : C:Program Files404search404Search.CAB
obj[537]=File : C:Program Files404searchmsvcr71.dll
obj[538]=File : C:Program Files404search404Search.dll
obj[539]=File : C:WINDOWSSYSTEMK404SearchSetup_MS18.exe

SECONDTHOUGHT

obj[14]=Regkey : .DEFAULTsoftwarestcclient
obj[472]=Regkey : softwarestc
obj[473]=Regkey : .defaultsoftwarestc
obj[474]=Folder : C:Program FilesSTC
obj[475]=Folder : c:\temporary
obj[481]=File : c:WINDOWSSYSTEMIdleUI.dll
obj[534]=File : c:Program FilesSTCSTC.exe
obj[540]=File : C:Program Filesstczilla.exe
obj[541]=File : C:Program Filesstctvmedia.exe
obj[542]=File : C:Program Filesstcbookedspace.exe
obj[543]=File : C:Program Filesstcwebrebates.exe
obj[544]=File : C:Program Filesstcmsbb_install.exe
obj[545]=File : C:Program Filesstcspywarelabs.exe
obj[546]=File : C:Program Filesstcmindset.exe
obj[547]=File : C:Program Filesstcezula.exe
obj[548]=File : C:Program Filesstcbundles.exe
obj[549]=File : C:Program Filesstcbundles53.exe
obj[550]=File : C:Program Filesstcbundles118.exe
obj[551]=File : c:temporaryinstall201.exe

ADROTATOR

obj[15]=Regkey : softwaremwsvm
obj[16]=RegValue : softwaremwsvm “dpk”
obj[17]=Regkey : softwareslmss
obj[18]=RegValue : softwareslmss “element”
obj[19]=RegValue : softwareslmss “1″
obj[20]=RegValue : softwareslmss “33″
obj[21]=RegValue : softwareslmss “25″
obj[22]=RegValue : softwareslmss “5″
obj[23]=RegValue : softwareslmss “3″
obj[483]=File : c:WINDOWSSYSTEMpuswxd.exe
obj[484]=File : c:WINDOWSSYSTEMpuswxc.exe
obj[527]=File : c:WINDOWSmwsvm.ocx
obj[528]=File : c:WINDOWSmwsvm.bin
obj[529]=File : c:WINDOWSurls.bin
obj[530]=File : c:WINDOWSvurls.bin
obj[533]=File : c:RecycledDc59.exe
obj[552]=File : C:WINDOWSSYSTEMhiwinnager.dat
obj[553]=File : C:WINDOWSmwsvm.dat
obj[554]=File : C:WINDOWSse255.dat
obj[555]=File : C:WINDOWSse633.dat
obj[556]=File : C:WINDOWSse383.dat
obj[557]=File : C:WINDOWSse834.dat
obj[558]=File : C:WINDOWSsearchen.dat
obj[559]=File : C:WINDOWSse80.dat
obj[560]=File : C:WINDOWSse410.dat
obj[561]=File : C:WINDOWSse639.dat
obj[562]=File : C:WINDOWSse971.dat
obj[563]=File : C:WINDOWSse701.dat
obj[564]=File : C:WINDOWSse20.dat
obj[565]=File : C:WINDOWSse102.dat
obj[566]=File : C:WINDOWSse804.dat
obj[567]=File : C:WINDOWSse964.dat
obj[568]=File : C:WINDOWSse473.dat
obj[569]=File : C:WINDOWSse71.dat
obj[570]=File : C:WINDOWSse738.dat
obj[571]=File : C:WINDOWSse941.dat
obj[572]=File : C:WINDOWSse525.dat
obj[573]=File : C:WINDOWSse789.dat
obj[574]=File : C:WINDOWSse920.dat
obj[575]=File : C:WINDOWSse106.dat
obj[576]=File : C:WINDOWSse323.dat
obj[577]=File : C:WINDOWSse426.dat
obj[578]=File : C:WINDOWSse496.dat
obj[579]=File : C:WINDOWSse358.dat
obj[580]=File : C:WINDOWSse876.dat
obj[581]=File : C:WINDOWSse244.dat
obj[582]=File : C:WINDOWSse136.dat
obj[583]=File : C:WINDOWSse517.dat
obj[584]=File : C:WINDOWSse271.dat
obj[585]=File : C:WINDOWSse256.dat
obj[586]=File : C:WINDOWSse822.dat
obj[587]=File : C:WINDOWSse94.dat
obj[588]=File : C:WINDOWSse86.dat
obj[589]=File : C:WINDOWSse404.dat
obj[590]=File : C:WINDOWSse160.dat
obj[591]=File : C:WINDOWSse978.dat
obj[592]=File : C:WINDOWSse577.dat
obj[593]=File : C:WINDOWSse611.dat
obj[594]=File : C:WINDOWSse139.dat
obj[595]=File : C:WINDOWSse123.dat
obj[596]=File : C:WINDOWSse320.dat
obj[597]=File : C:WINDOWSse476.dat
obj[598]=File : C:WINDOWSse377.dat
obj[599]=File : C:WINDOWSse951.dat
obj[600]=File : C:WINDOWSse423.dat
obj[601]=File : C:WINDOWSse242.dat
obj[602]=File : C:WINDOWSse970.dat
obj[603]=File : C:WINDOWSse571.dat
obj[604]=File : C:WINDOWSse866.dat
obj[605]=File : C:WINDOWSse658.dat
obj[606]=File : C:WINDOWSse865.dat
obj[607]=File : C:WINDOWSse880.dat
obj[608]=File : C:WINDOWSse325.dat
obj[609]=File : C:WINDOWSse78.dat
obj[610]=File : C:WINDOWSse769.dat
obj[611]=File : C:WINDOWSse704.dat
obj[612]=File : C:WINDOWSse652.dat
obj[613]=File : C:WINDOWSse262.dat
obj[614]=File : C:WINDOWSse317.dat
obj[615]=File : C:WINDOWSse241.dat
obj[616]=File : C:WINDOWSse138.dat
obj[617]=File : C:WINDOWSse933.dat
obj[618]=File : C:WINDOWSse677.dat
obj[619]=File : C:WINDOWSse671.dat
obj[620]=File : C:WINDOWSse818.dat
obj[621]=File : C:WINDOWSse380.dat
obj[622]=File : C:WINDOWSse938.dat
obj[623]=File : C:WINDOWSse434.dat
obj[624]=File : C:WINDOWSse374.dat
obj[625]=File : C:WINDOWSse790.dat
obj[626]=File : C:WINDOWSse132.dat
obj[627]=File : C:WINDOWSse369.dat
obj[628]=File : C:WINDOWSse872.dat
obj[629]=File : C:WINDOWSse133.dat
obj[630]=File : C:WINDOWSse129.dat
obj[631]=File : C:WINDOWSse808.dat
obj[632]=File : C:WINDOWSse8.dat
obj[633]=File : C:WINDOWSse163.dat
obj[634]=File : C:WINDOWSse782.dat
obj[635]=File : C:WINDOWSse268.dat
obj[636]=File : C:WINDOWSse670.dat
obj[637]=File : C:WINDOWSse537.dat
obj[638]=File : C:WINDOWSse67.dat
obj[639]=File : C:WINDOWSse376.dat
obj[640]=File : C:WINDOWSse161.dat
obj[641]=File : C:WINDOWSse620.dat
obj[642]=File : C:WINDOWSse631.dat
obj[643]=File : C:WINDOWSse5.dat
obj[644]=File : C:WINDOWSse692.dat
obj[645]=File : C:WINDOWSse833.dat
obj[646]=File : C:WINDOWSse438.dat
obj[647]=File : C:WINDOWSse134.dat
obj[648]=File : C:WINDOWSse96.dat
obj[649]=File : C:WINDOWSse867.dat
obj[650]=File : C:WINDOWSse884.dat
obj[651]=File : C:WINDOWSse251.dat
obj[652]=File : C:WINDOWSse913.dat
obj[653]=File : C:WINDOWSse805.dat
obj[654]=File : C:WINDOWSse145.dat
obj[655]=File : C:WINDOWSse605.dat
obj[656]=File : C:WINDOWSse868.dat
obj[657]=File : C:WINDOWSse419.dat
obj[658]=File : C:WINDOWSse647.dat
obj[659]=File : C:WINDOWSse58.dat
obj[660]=File : C:WINDOWSse921.dat
obj[661]=File : C:WINDOWSse177.dat
obj[662]=File : C:WINDOWSse13.dat
obj[663]=File : C:WINDOWSse975.dat
obj[664]=File : C:WINDOWSse777.dat
obj[665]=File : C:WINDOWSse1.dat
obj[666]=File : C:WINDOWSse915.dat
obj[667]=File : C:WINDOWSse412.dat
obj[668]=File : C:WINDOWSse40.dat
obj[669]=File : C:WINDOWSse181.dat
obj[670]=File : C:WINDOWSse840.dat
obj[671]=File : C:WINDOWSse182.dat
obj[672]=File : C:WINDOWSse63.dat
obj[673]=File : C:WINDOWSse21.dat
obj[674]=File : C:WINDOWSse852.dat
obj[675]=File : C:WINDOWSse835.dat
obj[676]=File : C:WINDOWSse923.dat
obj[677]=File : C:WINDOWSse590.dat
obj[678]=File : C:WINDOWSse595.dat
obj[679]=File : C:WINDOWSse629.dat
obj[680]=File : C:WINDOWSse651.dat
obj[681]=File : C:WINDOWSse411.dat
obj[682]=File : C:WINDOWSse696.dat
obj[683]=File : C:WINDOWSse194.dat
obj[684]=File : C:WINDOWSse765.dat
obj[685]=File : C:WINDOWSse703.dat
obj[686]=File : C:WINDOWSse151.dat
obj[687]=File : C:WINDOWSse463.dat
obj[688]=File : C:WINDOWSse141.dat
obj[689]=File : C:WINDOWSse165.dat
obj[690]=File : C:WINDOWSse541.dat
obj[691]=File : C:WINDOWSse773.dat
obj[692]=File : C:WINDOWSse235.dat
obj[693]=File : C:WINDOWSse270.dat
obj[694]=File : C:WINDOWSse198.dat
obj[695]=File : C:WINDOWSse486.dat
obj[696]=File : C:WINDOWSse791.dat
obj[697]=File : C:WINDOWSse87.dat
obj[698]=File : C:WINDOWSse213.dat
obj[699]=File : C:WINDOWSse22.dat
obj[700]=File : C:WINDOWSse972.dat
obj[701]=File : C:WINDOWSse903.dat
obj[702]=File : C:WINDOWSse208.dat
obj[703]=File : C:WINDOWSse778.dat
obj[704]=File : C:WINDOWSse657.dat
obj[705]=File : C:WINDOWSse38.dat
obj[706]=File : C:WINDOWSse666.dat
obj[707]=File : C:WINDOWSse109.dat
obj[708]=File : C:WINDOWSse801.dat
obj[709]=File : C:WINDOWSse41.dat
obj[710]=File : C:WINDOWSse935.dat
obj[711]=File : C:WINDOWSse276.dat
obj[712]=File : C:WINDOWSse315.dat
obj[713]=File : C:WINDOWSse718.dat
obj[714]=File : C:WINDOWSse676.dat
obj[715]=File : C:WINDOWSse588.dat
obj[716]=File : C:WINDOWSse474.dat
obj[717]=File : C:WINDOWSse937.dat
obj[718]=File : C:WINDOWSse373.dat
obj[719]=File : C:WINDOWSse924.dat
obj[720]=File : C:WINDOWSse459.dat
obj[721]=File : C:WINDOWSse583.dat
obj[722]=File : C:WINDOWSse722.dat
obj[723]=File : C:WINDOWSse927.dat
obj[724]=File : C:WINDOWSse700.dat
obj[725]=File : C:WINDOWSse226.dat

ALEXA

obj[24]=Regkey : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a}
obj[25]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “MenuStatusBar”
obj[26]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “Script”
obj[27]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “clsid”
obj[28]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “Icon”
obj[29]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “HotIcon”
obj[30]=RegValue : softwaremicrosoftinternet explorerextensions{c95fe080-8f5d-11d2-a20b-00aa003c157a} “ButtonText”
obj[31]=RegValue : .DEFAULTsoftwaremicrosoftinternet explorerextensionscmdmapping “{c95fe080-8f5d-11d2-a20b-00aa003c157a}”

FAVORITEMAN

obj[32]=RegValue : .DEFAULTsoftwaremicrosoftwindows “Counter”
obj[33]=RegValue : .DEFAULTsoftwaremicrosoftwindows “Server”
obj[34]=RegValue : .DEFAULTsoftwaremicrosoftwindows “Object”
obj[726]=File : C:WINDOWSSYSTEMim64.dll
obj[727]=File : C:WINDOWSSYSTEMsetup_incred_6.exe

TVMEDIA

obj[35]=RegValue : .DEFAULTsoftwaremicrosoftinternet explorerurlsearchhooks “{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}”
obj[36]=RegValue : softwaremicrosoftinternet explorerurlsearchhooks “{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}”
obj[476]=Folder : C:Program FilesTV Media

VX2

obj[477]=RegValue : softwaremicrosoftinternet explorermedia “data”
obj[478]=Folder : C:WINDOWSFavoritesAT-Games
obj[480]=File : c:WINDOWSSYSTEMTSP8.EXE
obj[494]=File : c:WINDOWSTEMPjkill.exe
obj[526]=File : c:WINDOWSbundlesthin-8-1-x-x.exe
obj[728]=File : C:WINDOWSFavoritesat-gamesGamehouse Games.url
obj[729]=File : C:WINDOWSFavoritesat-gamesBig Fish Games.url
obj[730]=File : C:WINDOWSFavoritesat-gamesFlyorDie Games.url

SERVERLOGIC.HYPERLINKER

obj[479]=RegData : softwaremicrosoftinternet explorermain “Use Search Asst”
obj[482]=File : c:WINDOWSSYSTEMlmf32.dll

BROADCASTPC

obj[485]=File : c:WINDOWSTEMPGLME0F3.TMP
obj[486]=File : c:WINDOWSTEMPGLM6172.TMP
obj[487]=File : c:WINDOWSTEMPGLM11D2.TMP
obj[488]=File : c:WINDOWSTEMPGLM9204.TMP
obj[489]=File : c:WINDOWSTEMPGLMD395.TMP
obj[490]=File : c:WINDOWSTEMPGLM21B3.TMP
obj[491]=File : c:WINDOWSTEMPGLMD1F3.TMP
obj[492]=File : c:WINDOWSTEMPGLM6033.TMP
obj[493]=File : c:WINDOWSTEMPGLM3365.TMP
obj[496]=File : c:WINDOWSTEMPGLM1141.TMP
obj[497]=File : c:WINDOWSTEMPGLM380.TMP
obj[498]=File : c:WINDOWSTEMPGLM4363.TMP
obj[499]=File : c:WINDOWSTEMPGLM51D1.TMP
obj[500]=File : c:WINDOWSTEMPGLMD1A1.TMP
obj[501]=File : c:WINDOWSTEMPGLM8322.TMP
obj[502]=File : c:WINDOWSTEMPGLMF340.TMP
obj[503]=File : c:WINDOWSTEMPGLM2305.TMP
obj[504]=File : c:WINDOWSTEMPGLM2F6.TMP
obj[505]=File : c:WINDOWSTEMPGLM5105.TMP
obj[506]=File : c:WINDOWSTEMPGLM23A3.TMP
obj[507]=File : c:WINDOWSTEMPGLMB025.TMP
obj[508]=File : c:WINDOWSTEMPGLM63A1.TMP
obj[509]=File : c:WINDOWSTEMPGLM8122.TMP
obj[510]=File : c:WINDOWSTEMPGLMD0A2.TMP
obj[511]=File : c:WINDOWSTEMPGLM92D3.TMP
obj[512]=File : c:WINDOWSTEMPGLM31B0.TMP
obj[513]=File : c:WINDOWSTEMPGLM3B3.TMP
obj[514]=File : c:WINDOWSTEMPGLM1B1.TMP
obj[515]=File : c:WINDOWSTEMPGLMC0E3.TMP
obj[516]=File : c:WINDOWSTEMPGLM2010.TMP
obj[517]=File : c:WINDOWSTEMPGLM70E1.TMP
obj[518]=File : c:WINDOWSTEMPGLME0F5.TMP
obj[519]=File : c:WINDOWSTEMPGLM281.TMP
obj[520]=File : c:WINDOWSTEMPGLM8172.TMP
obj[521]=File : c:WINDOWSTEMPGLM31C0.TMP
obj[522]=File : c:WINDOWSTEMPGLM3364.TMP
obj[523]=File : c:WINDOWSTEMPGLM92D0.TMP
obj[524]=File : c:WINDOWSTEMPGLM1090.TMP

TOPMOXIE

obj[495]=File : c:WINDOWSTEMPdjtopr1150.exe
obj[525]=File : c:WINDOWSbundlesWebRebates_Auto_InstallSilent.exe

BOOKEDSPACE

obj[531]=File : c:WINDOWSbxxs5.dll
obj[731]=File : C:WINDOWSbsx32.ini

ZOOMBAR

obj[532]=File : c:WINDOWSXrdkbklj.dll

POSSIBLE BROWSER HIJACK ATTEMPT

obj[535]=File : C:WINDOWSFavoritesAT-GamesGamehouse Games.url

Well, that was the quarantine, several other reboots/scans without anything interesting so it’s time to pull out the network card and send it back.

Related Posts

Blog Traffic Exchange Related Posts
  • Remove Personal Antivirus Personal Antivirus is another of those rogue antivirus programs. They claim to protect, but really their goal is to find ways to separate you from your money. Usually this is through false claims of infected files and a "we'll fix it, if you pay us" sales model. Apparently it's almost......
  • How to Remove Total PC Defender | Total PC Defender Removal Guide Total PC Defender is a rogue antivirus application that installs via malware and trojans. The software then runs each time the system boots and will run a fake scan that is designed to scare the user. This scan will find security problems, numerous viruses and they will further claim that......
  • How to Remove System Defender | System Defender Removal Guide System Defender is a rogue antivirus application that pushes itself to users through the use of scary popups and attack sites. The software, once it is installed will create numerous files and then claim that they are infected with viruses and they need to be cleaned. Of course, they cannot......
Blog Traffic Exchange Related Websites
  • The Different Styles and Designs of Lateral File Cabinets Filing Cabinets If you have a home office area that needs an efficient filing system, you might want to purchase a lateral file cabinet. Actually, this is the traditional style of a tall cabinet which comes with several easy to pull out drawers. It is commonly available in metal and......
  • Protecting Yourself On The Internet Since its beginning in 1990 the online market place has revolutionised the way the world shares info. Unfortunately, it in addition has opened up a whole new world with bad people doing bad things. Illegal material hasn't been so easily available Big Dog Formula to tempt probably the most innocent......
  • FAQ about computer security Q: The virus blocked the registry access and how to get rid of it?A: You can deal with like this: 1. Click on Start -> Run (or Start Search in Windows Vista). 2. Enter GPEdit.msc and then press Enter. 3. Navigate to the following location: User Configuration -> Administrative Templates......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site