Paul G
2006-03-19, 01:27
Hi,
Once again many thanks for all your help via Malware Removal Forum.
I'm running 'Resident Tea Timer', and would like you to check my start-up Report (below) and advise if any of the entries should be disallowed.
I have since deleted:
Located: HK_LM:Run, lich
command: lich.exe
file:
as I was told to get rid of this in a previous Malware Removal post (Shelf Life).
Any advice appreciated.
Paul G :scratch:
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-03-10 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-10 Includes\Cookies.sbi
2006-03-10 Includes\Dialer.sbi
2006-03-10 Includes\Hijackers.sbi
2006-03-10 Includes\Keyloggers.sbi
2006-03-10 Includes\Malware.sbi
2006-03-10 Includes\PUPS.sbi
2006-03-10 Includes\Revision.sbi
2006-03-10 Includes\Security.sbi
2006-03-10 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2006-03-10 Includes\Trojans.sbi
Located: HK_LM:Run, a3ee4366.exe
command: C:\WINDOWS\System32\a3ee4366.exe
file: C:\WINDOWS\System32\a3ee4366.exe
size: 4096
MD5: 148a9e736ca91eeb72434a9ca40097c4
Located: HK_LM:Run, AdaptecDirectCD
command: "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
file: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: be3238a165afb321f1696cc1ff9ef271
Located: HK_LM:Run, AdwareAlert
command: C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
file:
Located: HK_LM:Run, BigPond Toolbar
command: "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
file: C:\Program Files\Telstra\Toolbar\bpumTray.exe
size: 327680
MD5: 7896471dc67b61ef4e5f888311263fff
Located: HK_LM:Run, DVDSentry
command: C:\WINDOWS\System32\DSentry.exe
file: C:\WINDOWS\System32\DSentry.exe
size: 28672
MD5: 3bc0b332cac05c40a0c42122a6c4bfc0
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: ee2ac08be7024a781df6f40870ed748d
Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 095b56d71d4c6af017712b0e59c66166
Located: HK_LM:Run, lich
command: lich.exe
file:
Located: HK_LM:Run, pccguide.exe
command: "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
file:
Located: HK_CU:Run, a3ee4366.exe
command: C:\Documents and Settings\Paul Gibbs\Local Settings\Application Data\a3ee4366.exe
file: C:\Documents and Settings\Paul Gibbs\Local Settings\Application Data\a3ee4366.exe
size: 4096
MD5: 148a9e736ca91eeb72434a9ca40097c4
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, H/PC Connection Agent
command: "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
file: C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
size: 376912
MD5: f1661c89618ecd0fa4f1c9f6f2946134
Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259
Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\DRIVERS\ANTI-SPYWARE\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe
file: C:\DRIVERS\ANTI-SPYWARE\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38
Located: Startup (common), Digital Line Detect.lnk
command: C:\Program Files\Digital Line Detect\DLG.exe
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 24576
MD5: d59b254a0d0d3456c9e522e65d662777
Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 118784
MD5: bb272e4a58c563ebf40f8cb1173da1da
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll