Why Do I Always Get The Fun Ones



Logfile of HijackThis v1.99.1

Scan saved at 5:36:34 PM, on 6/17/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\System32\clww\jedn.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe

C:\Program Files\BullsEye Network\bin\bargains.exe

C:\Program Files\NaviSearch\bin\nls.exe

C:\Program Files\CashBack\bin\cashback.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Kekxieu\Ztifd.exe

C:\WINDOWS\System32\exp.exe

C:\WINDOWS\System32\wintask.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Media Access\MediaAccK.exe

C:\WINDOWS\IEXPLORER.exe

C:\WINDOWS\IEXPLORER.exe

C:\WINDOWS\IEXPLOR.EXE

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe

C:\WINDOWS\System32\rvvxp\gaprft.exe

C:\temp\salm.exe

C:\PROGRA~1\Toolbar\PIB.exe

C:\PROGRA~1\GOGOTO~1\Gogoware\GOGOTO~1.EXE

C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

C:\WINDOWS\System32\3e3lvhs5.exe

C:\WINDOWS\System32\winupdt.exe

C:\WINDOWS\System32\RUNDLL32.exe

C:\Documents and Settings\All Users\Application Data\msst\mssts.exe

C:\WINDOWS\logon.exe

C:\WINDOWS\System32\rpnkup.exe

C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

C:\WINDOWS\System32\picsvr\picsvr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system\mnpcsgage.exe

C:\WINDOWS\sfita.exe

C:\PROGRA~1\COMMON~1\mmuz\mmuzm.exe

C:\PROGRA~1\Web Offer\wo.exe

C:\Program Files\America Online 7.0\aoltray.exe

C:\PROGRA~1\COMMON~1\mmuz\mmuza.exe

C:\WINDOWS\System32\wuauclt.exe

C:\PROGRA~1\Toolbar\radio.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

c:\windows\system32\ifndsp.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\clb-vb-eginwl.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\Program Files\Aprps\CxtPls.exe

C:\Program Files\Media Access\MediaAccess.exe

C:\PROGRA~1\Toolbar\TBPS.exe

C:\PROGRA~1\Toolbar\TBPSSvc.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\PROGRA~1\eZula\mmod.exe

C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe

C:\HJT\HijackThis.exe

C:\WINDOWS\System32\dumprep.exe

C:\WINDOWS\System32\dwwin.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20fd7ffc9508b72d744f8dcd51816ea9\update\update.exe

C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchforit.com/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxifiles.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchforit.com/searchbar

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\SYSsfitb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [AOL Instant Messenger] aimsgr.exe

O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe

O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe

O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msdioo.exe

O4 - HKLM\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\bjarubj.exe

O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Stfpjq.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [spamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe

O4 - HKLM\..\Run: [spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe

O4 - HKLM\..\Run: [twjbujpy] C:\WINDOWS\System32\qxtiqspd.exe

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbWeatherOnTray.exe

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [Qqdygs] C:\Program Files\Kekxieu\Ztifd.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\System32\pacis.exe

O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe

O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [ywdwf] C:\WINDOWS\System32\ptvux\ywdwf.exe

O4 - HKLM\..\Run: [kaelmwe] C:\WINDOWS\System32\kcae\kaelmwe.exe

O4 - HKLM\..\Run: [jedn] C:\WINDOWS\System32\clww\jedn.exe

O4 - HKLM\..\Run: [arntej] C:\WINDOWS\System32\gtrwkk\arntej.exe

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLORER.exe] C:\WINDOWS\IEXPLORER.exe

O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLORER.exe

O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLOR.EXE] C:\WINDOWS\IEXPLOR.EXE

O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe

O4 - HKLM\..\Run: [C:\WINDOWS\WinTask.exe] C:\WINDOWS\WinTask.exe

O4 - HKLM\..\Run: [PopMark] C:\WINDOWS\WinTask.exe

O4 - HKLM\..\Run: [gaprft] C:\WINDOWS\System32\rvvxp\gaprft.exe

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [rot] C:\WINDOWS\rot.exe

O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitetuv32.exe

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe

O4 - HKLM\..\Run: [idgenp] C:\WINDOWS\System32\idgenp.exe

O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe

O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"

O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun

O4 - HKLM\..\Run: [3e3lvhs5] C:\WINDOWS\System32\3e3lvhs5.exe

O4 - HKLM\..\Run: [mpdfuc] C:\WINDOWS\System32\mpdfuc.exe

O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe

O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe

O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16

O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe

O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rpnkup.exe reg_run

O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [cjeqmo] c:\windows\system32\ifndsp.exe

O4 - HKLM\..\Run: [o73g3qV] clb-vb-eginwl.exe

O4 - HKLM\..\Run: [sh32upt] C:\WINDOWS\sh32upt.exe

O4 - HKLM\..\RunServices: [AOL Instant Messenger] aimsgr.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1

O4 - HKCU\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKCU\..\Run: [ZwsmRkZsO] tjpanage.exe

O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe

O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe

O4 - HKCU\..\Run: [mmuz] C:\PROGRA~1\COMMON~1\mmuz\mmuzm.exe

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

O4 - HKCU\..\Run: [wzcbsy] C:\WINDOWS\System32\wzcbsy.exe

O4 - HKCU\..\RunOnce: [wzcbsy] C:\WINDOWS\System32\wzcbsy.exe

O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe

O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe

O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/jabber.ocx

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/ins...ckerutility.cab

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab

O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0003.exe

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\mscgdc.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing)

O23 - Service: jednclww - Unknown owner - C:\WINDOWS\System32\clww\jedn.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\mcshield.exe (file missing)

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe


wow I'd like to work your log but I'm only in training to do them !!!! some day !!!!!

but I can tell what I see !

CoolWebSearch Trojan

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\SYSsfitb.dll

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.ex

O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe

O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe

O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msdioo.exe

O4 - HKLM\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\bjarubj.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbWeatherOnTray.exe

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\System32\pacis.exe

O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe

O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLORER.exe] C:\WINDOWS\IEXPLORER.exe

O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLORER.exe

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe

O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun

O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe

O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16

O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rpnkup.exe reg_run

O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe

O4 - HKCU\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\mscgdc.d

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

whewwwwww now maybe someone can take over from here & tell you how to remove them !!

oh & you have a lot of files & some folders that need to be removed !!!


Thanks flash4, but I can handle it myself... I'm a Trusted Advisor at SpywareInfo... I just posted the log here to show everyone so they could be appropriately horrified at how bad it is. You also missed a couple key infections...

Edited by Avohir