Pumpkinjack Posted June 22, 2005

I have run ad-aware, spybot, microsoft antispyware, norton antivirus, microtrend housecall, cwshredder, and all but housecall in safe mode. Not as bad since then but I know it's still there.

Logfile of HijackThis v1.99.1
Scan saved at 9:33:46 AM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)
O2 - BHO: Class - {005714CD-0630-8CC6-E2CB-ADCEC38BF51A} - C:\WINDOWS\system32\ntbi32.dll
O2 - BHO: Class - {01E4E0CC-8390-738E-DCC2-DEFBA2BEAA16} - C:\WINDOWS\addwq32.dll
O2 - BHO: Class - {15F23213-9CF2-EAE8-257C-69A75EC75BC0} - C:\WINDOWS\system32\ipbo32.dll
O2 - BHO: Class - {184827EA-353B-98C7-CCF0-E9FA6D9FA145} - C:\WINDOWS\crvf32.dll
O2 - BHO: Class - {19899FD2-72DC-ADED-A735-6279FA695369} - C:\WINDOWS\javaga.dll
O2 - BHO: Class - {1C741A3D-21F2-C649-7160-432D9ED81A74} - C:\WINDOWS\system32\ielc32.dll
O2 - BHO: Class - {26EB855E-8020-394A-64FD-DB123824DB35} - C:\WINDOWS\javapn.dll
O2 - BHO: Class - {2D7B6DD1-DCC2-5B87-1522-23E436D64FE1} - C:\WINDOWS\system32\javatk32.dll
O2 - BHO: Class - {30B9D3B6-3171-041B-C2E4-A7FD55558A20} - C:\WINDOWS\system32\mfcyx32.dll
O2 - BHO: Class - {45723711-8D3F-C8F9-24E0-F252B24B3148} - C:\WINDOWS\sdkce.dll
O2 - BHO: Class - {4844B1BF-4049-149D-AA03-7DC88E8A4193} - C:\WINDOWS\ipzw32.dll
O2 - BHO: Class - {49E6CC14-E11C-706F-6006-BD9D4C0FAF32} - C:\WINDOWS\ntfw.dll
O2 - BHO: Class - {4CDCBA87-7E66-3831-67E7-C02FD3C6CA1B} - C:\WINDOWS\system32\apibt.dll
O2 - BHO: Class - {57CC204F-905A-2B4D-BD5E-30AC516741C9} - C:\WINDOWS\addbk.dll
O2 - BHO: Class - {73156990-7CC1-9E5B-7282-2852A986EDAB} - C:\WINDOWS\system32\javand32.dll
O2 - BHO: Class - {84AC618E-84E5-CB76-8ED6-545359351A5F} - C:\WINDOWS\system32\appqy.dll
O2 - BHO: (no name) - {988C7124-18A2-C7FB-651E-534040091DFA} - C:\WINDOWS\system32\netkk32.dll
O2 - BHO: Class - {9B46EFA0-A8CD-6ED9-3D1F-B1FF1A5FC359} - C:\WINDOWS\crau.dll
O2 - BHO: Class - {A74D4CE3-CEAE-D2F7-A231-D25802D9DD83} - C:\WINDOWS\apibm.dll
O2 - BHO: Class - {B8668F62-EE5D-30BC-F5E0-FD11BFA5F18B} - C:\WINDOWS\system32\d3mu.dll
O2 - BHO: Class - {BB5A0FC4-FCAF-FA07-2E59-B4F763DA2F07} - C:\WINDOWS\system32\sdkvl.dll
O2 - BHO: Class - {BEF263B7-4CDC-E395-290C-92A44E2A4339} - C:\WINDOWS\system32\msep.dll
O2 - BHO: Class - {C238256B-77D8-01DF-8E7E-CA12D2224B07} - C:\WINDOWS\netgu.dll
O2 - BHO: Class - {C7424DA8-E366-B763-AEE8-1DD605AC38B7} - C:\WINDOWS\system32\addzu.dll
O2 - BHO: Class - {CAEAEAB9-C342-9405-CE69-D7940397BA70} - C:\WINDOWS\system32\javaok.dll
O2 - BHO: Class - {D124E11B-5FEB-A448-1194-EE6A7E12004D} - C:\WINDOWS\system32\crhz.dll
O2 - BHO: Class - {D3DFD4E6-1C5E-99E5-CD97-BC92535FF528} - C:\WINDOWS\javawn.dll
O2 - BHO: Class - {D9AB9FC9-8666-A8DB-77B5-039C083D0597} - C:\WINDOWS\system32\iert32.dll
O2 - BHO: Class - {E12F9AC5-10D5-A5B6-0619-4FBA819B52BE} - C:\WINDOWS\system32\sysrc32.dll
O2 - BHO: Class - {E13962C2-96C6-E39D-08A3-1714DB5A46BC} - C:\WINDOWS\system32\ipuj.dll
O4 - HKLM\..\Run: [blockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hE7B] C:\documents and settings\owner\local settings\temp\hE7B.exe
O4 - HKLM\..\Run: [5F8.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\5F8.tmp.exe 1 10001
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy (file missing)
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy (file missing)
O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://www.wildtangent.com/multiplayer/cannonsmmp/wtinst.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://216.139.213.20/main/Install/en/US/C...aDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled...aploader_v6.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/oemji_opt_o...erInstall_2.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Excal Posted June 23, 2005

Hi and welcome to Best Techie! My name is Excal and I will be helping you.

I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Download and install CleanUp! Here

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

We will use this program later.

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/
O2 - BHO: Class - {005714CD-0630-8CC6-E2CB-ADCEC38BF51A} - C:\WINDOWS\system32\ntbi32.dll
O2 - BHO: Class - {01E4E0CC-8390-738E-DCC2-DEFBA2BEAA16} - C:\WINDOWS\addwq32.dll
O2 - BHO: Class - {15F23213-9CF2-EAE8-257C-69A75EC75BC0} - C:\WINDOWS\system32\ipbo32.dll
O2 - BHO: Class - {184827EA-353B-98C7-CCF0-E9FA6D9FA145} - C:\WINDOWS\crvf32.dll
O2 - BHO: Class - {19899FD2-72DC-ADED-A735-6279FA695369} - C:\WINDOWS\javaga.dll
O2 - BHO: Class - {1C741A3D-21F2-C649-7160-432D9ED81A74} - C:\WINDOWS\system32\ielc32.dll
O2 - BHO: Class - {26EB855E-8020-394A-64FD-DB123824DB35} - C:\WINDOWS\javapn.dll
O2 - BHO: Class - {2D7B6DD1-DCC2-5B87-1522-23E436D64FE1} - C:\WINDOWS\system32\javatk32.dll
O2 - BHO: Class - {30B9D3B6-3171-041B-C2E4-A7FD55558A20} - C:\WINDOWS\system32\mfcyx32.dll
O2 - BHO: Class - {45723711-8D3F-C8F9-24E0-F252B24B3148} - C:\WINDOWS\sdkce.dll
O2 - BHO: Class - {4844B1BF-4049-149D-AA03-7DC88E8A4193} - C:\WINDOWS\ipzw32.dll
O2 - BHO: Class - {49E6CC14-E11C-706F-6006-BD9D4C0FAF32} - C:\WINDOWS\ntfw.dll
O2 - BHO: Class - {4CDCBA87-7E66-3831-67E7-C02FD3C6CA1B} - C:\WINDOWS\system32\apibt.dll
O2 - BHO: Class - {57CC204F-905A-2B4D-BD5E-30AC516741C9} - C:\WINDOWS\addbk.dll
O2 - BHO: Class - {73156990-7CC1-9E5B-7282-2852A986EDAB} - C:\WINDOWS\system32\javand32.dll
O2 - BHO: Class - {84AC618E-84E5-CB76-8ED6-545359351A5F} - C:\WINDOWS\system32\appqy.dll
O2 - BHO: (no name) - {988C7124-18A2-C7FB-651E-534040091DFA} - C:\WINDOWS\system32\netkk32.dll
O2 - BHO: Class - {9B46EFA0-A8CD-6ED9-3D1F-B1FF1A5FC359} - C:\WINDOWS\crau.dll
O2 - BHO: Class - {A74D4CE3-CEAE-D2F7-A231-D25802D9DD83} - C:\WINDOWS\apibm.dll
O2 - BHO: Class - {B8668F62-EE5D-30BC-F5E0-FD11BFA5F18B} - C:\WINDOWS\system32\d3mu.dll
O2 - BHO: Class - {BB5A0FC4-FCAF-FA07-2E59-B4F763DA2F07} - C:\WINDOWS\system32\sdkvl.dll
O2 - BHO: Class - {BEF263B7-4CDC-E395-290C-92A44E2A4339} - C:\WINDOWS\system32\msep.dll
O2 - BHO: Class - {C238256B-77D8-01DF-8E7E-CA12D2224B07} - C:\WINDOWS\netgu.dll
O2 - BHO: Class - {C7424DA8-E366-B763-AEE8-1DD605AC38B7} - C:\WINDOWS\system32\addzu.dll
O2 - BHO: Class - {CAEAEAB9-C342-9405-CE69-D7940397BA70} - C:\WINDOWS\system32\javaok.dll
O2 - BHO: Class - {D124E11B-5FEB-A448-1194-EE6A7E12004D} - C:\WINDOWS\system32\crhz.dll
O2 - BHO: Class - {D3DFD4E6-1C5E-99E5-CD97-BC92535FF528} - C:\WINDOWS\javawn.dll
O2 - BHO: Class - {D9AB9FC9-8666-A8DB-77B5-039C083D0597} - C:\WINDOWS\system32\iert32.dll
O2 - BHO: Class - {E12F9AC5-10D5-A5B6-0619-4FBA819B52BE} - C:\WINDOWS\system32\sysrc32.dll
O2 - BHO: Class - {E13962C2-96C6-E39D-08A3-1714DB5A46BC} - C:\WINDOWS\system32\ipuj.dll
O4 - HKLM\..\Run: [hE7B] C:\documents and settings\owner\local settings\temp\hE7B.exe
O4 - HKLM\..\Run: [5F8.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\5F8.tmp.exe 1 10001
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy (file missing)
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy (file missing)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://www.wildtangent.com/multiplayer/cannonsmmp/wtinst.cab

7. Click the Fix Checked box.

8. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\system32\ntbi32.dll
C:\WINDOWS\addwq32.dll
C:\WINDOWS\system32\ipbo32.dll
C:\WINDOWS\crvf32.dll
C:\WINDOWS\javaga.dll
C:\WINDOWS\system32\ielc32.dll
C:\WINDOWS\javapn.dll
C:\WINDOWS\system32\javatk32.dll
C:\WINDOWS\system32\mfcyx32.dll
C:\WINDOWS\sdkce.dll
C:\WINDOWS\ipzw32.dll
C:\WINDOWS\ntfw.dll
C:\WINDOWS\system32\apibt.dll
C:\WINDOWS\addbk.dll
C:\WINDOWS\system32\javand32.dll
C:\WINDOWS\system32\appqy.dll
C:\WINDOWS\system32\netkk32.dll
C:\WINDOWS\crau.dll
C:\WINDOWS\apibm.dll
C:\WINDOWS\system32\d3mu.dll
C:\WINDOWS\system32\sdkvl.dll
C:\WINDOWS\system32\msep.dll
C:\WINDOWS\netgu.dll
C:\WINDOWS\system32\addzu.dll
C:\WINDOWS\system32\javaok.dll
C:\WINDOWS\system32\crhz.dll
C:\WINDOWS\javawn.dll
C:\WINDOWS\system32\iert32.dll
C:\WINDOWS\system32\sysrc32.dll
C:\WINDOWS\system32\ipuj.dll

9. Run the program CleanUp!

10. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

11. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
Pumpkinjack Posted June 24, 2005 Author

I did everything you asked, but when I looked for the files using explorer I found none of them.

Logfile of HijackThis v1.99.1
Scan saved at 1:43:02 PM, on 6/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)
O4 - HKLM\..\Run: [blockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://216.139.213.20/main/Install/en/US/C...aDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled...aploader_v6.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/oemji_opt_o...erInstall_2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{062639E3-79D8-4C07-9686-8F46168AD605}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{062639E3-79D8-4C07-9686-8F46168AD605}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
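An added example, not part of the original posts: a check of which entries marked for fixing still appear in a later HijackThis log. It assumes one entry per line, as HijackThis writes its log; the function names are made up for this example, and the two sample inputs are a constructed subset of lines copied from the fix list and the fresh log in this thread.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# HijackThis appends this marker when the referenced file is no longer on disk,
# so the same registry entry can read differently before and after file deletion.
FILE_MISSING = re.compile(r"\s*\(file missing\)", re.IGNORECASE)


def entry_key(line):
    """Return (section, normalised body) for an entry line, or None for
    header lines, running-process paths and blank lines."""
    match = ENTRY.match(line.strip())
    if match is None:
        return None
    body = FILE_MISSING.sub("", match.group(2))
    # Windows paths and registry names are case-insensitive; forum pastes
    # also tend to mangle whitespace.
    body = re.sub(r"\s+", " ", body).strip().casefold()
    return match.group(1), body


def parse_log(text):
    """Map each entry key to the first original line that produced it."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def check_fix(fix_list, fresh_log):
    """Split the fix list into entries gone from, and still present in, the fresh log."""
    fresh = parse_log(fresh_log)
    report = {"removed": [], "still_present": []}
    for key, line in parse_log(fix_list).items():
        if key in fresh:
            report["still_present"].append(fresh[key])
        else:
            report["removed"].append(line)
    return report


# Constructed sample: a subset of the items the helper asked to have checked.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/
O2 - BHO: Class - {005714CD-0630-8CC6-E2CB-ADCEC38BF51A} - C:\WINDOWS\system32\ntbi32.dll
O4 - HKLM\..\Run: [hE7B] C:\documents and settings\owner\local settings\temp\hE7B.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy (file missing)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
"""

# Constructed sample: a subset of the log posted after the fix was applied.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:43:02 PM, on 6/24/2005
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
"""

if __name__ == "__main__":
    result = check_fix(FIX_LIST, FRESH_LOG)
    for status in ("still_present", "removed"):
        print(status)
        for entry in result[status]:
            print("   ", entry)
```

Entries reported as still present are the ones to recheck on the next scan before treating the cleanup as complete.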
Pumpkinjack Posted June 24, 2005 Author

activescan
Pumpkinjack Posted June 24, 2005
Excal Posted June 24, 2005

Right click on the Microsoft/Giant AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re-enable it, you follow the same steps but click on Enable Real-time Protection.

Download about:buster by RubbeRDuckY Here.

Download CWShredder here to its own folder.

Update CWShredder
Open CWShredder and click I AGREE
Click Check For Update
Close CWShredder
We will be using this program later.

Update About:Buster
Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
Click "Update" and then "Check For Update" to begin the update process.
If any updates exist please download them by clicking "Download Update" then click the X to close that window.
Now close About:Buster

Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
Click Begin Removal.
It will begin to check your computer for malicious files. AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
Shut down AboutBuster. A log should have been created.
Please Save this log and copy it in your next post.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Reboot into normal mode.

Run these 2 free trojan scans: Trojan Scan, Trojan Scan2

After the scans are done please do another active scan and post the results along with the about:buster log and a fresh Hijackthis log.

Thanks
Excal
Pumpkinjack Posted June 27, 2005

Incident Status Location
Pumpkinjack Posted June 27, 2005

AboutBuster 5.0 reference file 30
Scan started on [6/27/2005] at [9:23:56 AM]
------------------------------------------------
Removed File! : C:\Windows\vrzwg.dll
Removed File! : C:\Windows\System32\zhnpg.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:25:05 AM
Pumpkinjack Posted June 27, 2005

Logfile of HijackThis v1.99.1
Scan saved at 12:13:41 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)
O4 - HKLM\..\Run: [blockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://216.139.213.20/main/Install/en/US/C...aDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled...aploader_v6.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/oemji_opt_o...erInstall_2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{062639E3-79D8-4C07-9686-8F46168AD605}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{062639E3-79D8-4C07-9686-8F46168AD605}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Excal Posted June 27, 2005 (edited)

Hi Pumpkinjack,

1) Please download the Killbox. Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Please remove the following folders using Windows Explorer (if present):

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4R61QTW1
C:\Documents and Settings\Owner\Favorites\Search the Web for Everything in One Click!.url
C:\WINDOWS\Bundles
C:\Documents and Settings\Owner\Application Data\Lycos
C:\WINDOWS\system32\FLEOK
C:\Program Files\System Soap Pro

4) Once in Safe Mode, please run Killbox. Select "Delete on Reboot". Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

Return to Killbox, go to the File menu, and choose "Paste from Clipboard". Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

5) Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

6) Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.

Edited June 27, 2005 by Excal