Why Do I Always Get The Fun Ones

Avohir

By Avohir,
in Malware Removal

 Share Followers 0

Recommended Posts

Avohir

Avohir

Posted
Posted

Logfile of HijackThis v1.99.1

Scan saved at 5:36:34 PM, on 6/17/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\WINDOWS\System32\clww\jedn.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe

C:\Program Files\BullsEye Network\bin\bargains.exe

C:\Program Files\NaviSearch\bin\nls.exe

C:\Program Files\CashBack\bin\cashback.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Kekxieu\Ztifd.exe

C:\WINDOWS\System32\exp.exe

C:\WINDOWS\System32\wintask.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Media Access\MediaAccK.exe

C:\WINDOWS\IEXPLORER.exe

C:\WINDOWS\IEXPLORER.exe

C:\WINDOWS\IEXPLOR.EXE

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe

C:\WINDOWS\System32\rvvxp\gaprft.exe

C:\temp\salm.exe

C:\PROGRA~1\Toolbar\PIB.exe

C:\PROGRA~1\GOGOTO~1\Gogoware\GOGOTO~1.EXE

C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

C:\WINDOWS\System32\3e3lvhs5.exe

C:\WINDOWS\System32\winupdt.exe

C:\WINDOWS\System32\RUNDLL32.exe

C:\Documents and Settings\All Users\Application Data\msst\mssts.exe

C:\WINDOWS\logon.exe

C:\WINDOWS\System32\rpnkup.exe

C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

C:\WINDOWS\System32\picsvr\picsvr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system\mnpcsgage.exe

C:\WINDOWS\sfita.exe

C:\PROGRA~1\COMMON~1\mmuz\mmuzm.exe

C:\PROGRA~1\Web Offer\wo.exe

C:\Program Files\America Online 7.0\aoltray.exe

C:\PROGRA~1\COMMON~1\mmuz\mmuza.exe

C:\WINDOWS\System32\wuauclt.exe

C:\PROGRA~1\Toolbar\radio.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

c:\windows\system32\ifndsp.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\clb-vb-eginwl.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\Program Files\Aprps\CxtPls.exe

C:\Program Files\Media Access\MediaAccess.exe

C:\PROGRA~1\Toolbar\TBPS.exe

C:\PROGRA~1\Toolbar\TBPSSvc.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\PROGRA~1\eZula\mmod.exe

C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe

C:\HJT\HijackThis.exe

C:\WINDOWS\System32\dumprep.exe

C:\WINDOWS\System32\dwwin.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20fd7ffc9508b72d744f8dcd51816ea9\update\update.exe

C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchforit.com/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maxifiles.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchforit.com/searchbar

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchforit.com/searchbar

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\SYSsfitb.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [AOL Instant Messenger] aimsgr.exe

O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe

O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe

O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msdioo.exe

O4 - HKLM\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\bjarubj.exe

O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Stfpjq.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [spamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe

O4 - HKLM\..\Run: [spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe

O4 - HKLM\..\Run: [twjbujpy] C:\WINDOWS\System32\qxtiqspd.exe

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbWeatherOnTray.exe

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [Qqdygs] C:\Program Files\Kekxieu\Ztifd.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\System32\pacis.exe

O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe

O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [ywdwf] C:\WINDOWS\System32\ptvux\ywdwf.exe

O4 - HKLM\..\Run: [kaelmwe] C:\WINDOWS\System32\kcae\kaelmwe.exe

O4 - HKLM\..\Run: [jedn] C:\WINDOWS\System32\clww\jedn.exe

O4 - HKLM\..\Run: [arntej] C:\WINDOWS\System32\gtrwkk\arntej.exe

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLORER.exe] C:\WINDOWS\IEXPLORER.exe

O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLORER.exe

O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLOR.EXE] C:\WINDOWS\IEXPLOR.EXE

O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe

O4 - HKLM\..\Run: [C:\WINDOWS\WinTask.exe] C:\WINDOWS\WinTask.exe

O4 - HKLM\..\Run: [PopMark] C:\WINDOWS\WinTask.exe

O4 - HKLM\..\Run: [gaprft] C:\WINDOWS\System32\rvvxp\gaprft.exe

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [rot] C:\WINDOWS\rot.exe

O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitetuv32.exe

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe

O4 - HKLM\..\Run: [idgenp] C:\WINDOWS\System32\idgenp.exe

O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe

O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun

O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"

O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun

O4 - HKLM\..\Run: [3e3lvhs5] C:\WINDOWS\System32\3e3lvhs5.exe

O4 - HKLM\..\Run: [mpdfuc] C:\WINDOWS\System32\mpdfuc.exe

O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\System32\guarnset.exe

O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe

O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16

O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe

O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rpnkup.exe reg_run

O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [cjeqmo] c:\windows\system32\ifndsp.exe

O4 - HKLM\..\Run: [o73g3qV] clb-vb-eginwl.exe

O4 - HKLM\..\Run: [sh32upt] C:\WINDOWS\sh32upt.exe

O4 - HKLM\..\RunServices: [AOL Instant Messenger] aimsgr.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1

O4 - HKCU\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKCU\..\Run: [ZwsmRkZsO] tjpanage.exe

O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe

O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe

O4 - HKCU\..\Run: [mmuz] C:\PROGRA~1\COMMON~1\mmuz\mmuzm.exe

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

O4 - HKCU\..\Run: [wzcbsy] C:\WINDOWS\System32\wzcbsy.exe

O4 - HKCU\..\RunOnce: [wzcbsy] C:\WINDOWS\System32\wzcbsy.exe

O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe

O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe

O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/jabber.ocx

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/ins...ckerutility.cab

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusmarketing.com/actsetup.cab

O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0003.exe

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\mscgdc.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing)

O23 - Service: jednclww - Unknown owner - C:\WINDOWS\System32\clww\jedn.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\mcshield.exe (file missing)

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Link to post
Share on other sites
flashh4

flashh4

Posted
Posted

wow id like to work your log but im only in training to do them !!!! some day !!!!!

but i can tell what i see !

CoolWebSearch Trojan

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\System32\replaceSearch.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\SYSsfitb.dll

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.ex

O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe

O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe

O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msdioo.exe

O4 - HKLM\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\bjarubj.exe

O4 - HKLM\..\Run: [AutoUpdater] \"C:\Program Files\AutoUpdate\AutoUpdate.exe\"

O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbWeatherOnTray.exe

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] \"C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe\"

O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\System32\pacis.exe

O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe

O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [C:\WINDOWS\IEXPLORER.exe] C:\WINDOWS\IEXPLORER.exe

O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLORER.exe

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe

O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun

O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe

O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16

O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rpnkup.exe reg_run

O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe

O4 - HKCU\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe

O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\mscgdc.d

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

whewwwwww now maby someone can take over from here & tell you how to remove them !!

oh & you have a lot of files & some folders that need to be removed !!!

Link to post
Share on other sites
Avohir

Avohir

Posted
  • Author
Posted (edited)

thanks flash4, but I can handle it myself... I'm a Trusted Advisor at SpywareInfo... i just posted the log here to show everyone so they could be appropriately horrified at how bad it is. You also missed a couple key infections...

Edited by Avohir
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing