Possibly Unclassified Spyware.65



I have run

ad-aware

spybot

microsoft antispyware

norton antivirus

microtrend housecall

cwshredder

and all but housecall in safe mode

Not as bad since then, but I know it's still there.

Logfile of HijackThis v1.99.1

Scan saved at 9:33:46 AM, on 6/22/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\wanmpsvc.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Messenger\msmsgs.exe

C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)

O2 - BHO: Class - {005714CD-0630-8CC6-E2CB-ADCEC38BF51A} - C:\WINDOWS\system32\ntbi32.dll

O2 - BHO: Class - {01E4E0CC-8390-738E-DCC2-DEFBA2BEAA16} - C:\WINDOWS\addwq32.dll

O2 - BHO: Class - {15F23213-9CF2-EAE8-257C-69A75EC75BC0} - C:\WINDOWS\system32\ipbo32.dll

O2 - BHO: Class - {184827EA-353B-98C7-CCF0-E9FA6D9FA145} - C:\WINDOWS\crvf32.dll

O2 - BHO: Class - {19899FD2-72DC-ADED-A735-6279FA695369} - C:\WINDOWS\javaga.dll

O2 - BHO: Class - {1C741A3D-21F2-C649-7160-432D9ED81A74} - C:\WINDOWS\system32\ielc32.dll

O2 - BHO: Class - {26EB855E-8020-394A-64FD-DB123824DB35} - C:\WINDOWS\javapn.dll

O2 - BHO: Class - {2D7B6DD1-DCC2-5B87-1522-23E436D64FE1} - C:\WINDOWS\system32\javatk32.dll

O2 - BHO: Class - {30B9D3B6-3171-041B-C2E4-A7FD55558A20} - C:\WINDOWS\system32\mfcyx32.dll

O2 - BHO: Class - {45723711-8D3F-C8F9-24E0-F252B24B3148} - C:\WINDOWS\sdkce.dll

O2 - BHO: Class - {4844B1BF-4049-149D-AA03-7DC88E8A4193} - C:\WINDOWS\ipzw32.dll

O2 - BHO: Class - {49E6CC14-E11C-706F-6006-BD9D4C0FAF32} - C:\WINDOWS\ntfw.dll

O2 - BHO: Class - {4CDCBA87-7E66-3831-67E7-C02FD3C6CA1B} - C:\WINDOWS\system32\apibt.dll

O2 - BHO: Class - {57CC204F-905A-2B4D-BD5E-30AC516741C9} - C:\WINDOWS\addbk.dll

O2 - BHO: Class - {73156990-7CC1-9E5B-7282-2852A986EDAB} - C:\WINDOWS\system32\javand32.dll

O2 - BHO: Class - {84AC618E-84E5-CB76-8ED6-545359351A5F} - C:\WINDOWS\system32\appqy.dll

O2 - BHO: (no name) - {988C7124-18A2-C7FB-651E-534040091DFA} - C:\WINDOWS\system32\netkk32.dll

O2 - BHO: Class - {9B46EFA0-A8CD-6ED9-3D1F-B1FF1A5FC359} - C:\WINDOWS\crau.dll

O2 - BHO: Class - {A74D4CE3-CEAE-D2F7-A231-D25802D9DD83} - C:\WINDOWS\apibm.dll

O2 - BHO: Class - {B8668F62-EE5D-30BC-F5E0-FD11BFA5F18B} - C:\WINDOWS\system32\d3mu.dll

O2 - BHO: Class - {BB5A0FC4-FCAF-FA07-2E59-B4F763DA2F07} - C:\WINDOWS\system32\sdkvl.dll

O2 - BHO: Class - {BEF263B7-4CDC-E395-290C-92A44E2A4339} - C:\WINDOWS\system32\msep.dll

O2 - BHO: Class - {C238256B-77D8-01DF-8E7E-CA12D2224B07} - C:\WINDOWS\netgu.dll

O2 - BHO: Class - {C7424DA8-E366-B763-AEE8-1DD605AC38B7} - C:\WINDOWS\system32\addzu.dll

O2 - BHO: Class - {CAEAEAB9-C342-9405-CE69-D7940397BA70} - C:\WINDOWS\system32\javaok.dll

O2 - BHO: Class - {D124E11B-5FEB-A448-1194-EE6A7E12004D} - C:\WINDOWS\system32\crhz.dll

O2 - BHO: Class - {D3DFD4E6-1C5E-99E5-CD97-BC92535FF528} - C:\WINDOWS\javawn.dll

O2 - BHO: Class - {D9AB9FC9-8666-A8DB-77B5-039C083D0597} - C:\WINDOWS\system32\iert32.dll

O2 - BHO: Class - {E12F9AC5-10D5-A5B6-0619-4FBA819B52BE} - C:\WINDOWS\system32\sysrc32.dll

O2 - BHO: Class - {E13962C2-96C6-E39D-08A3-1714DB5A46BC} - C:\WINDOWS\system32\ipuj.dll

O4 - HKLM\..\Run: [blockTracker] c:\hp\bin\BlockTracker.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [hE7B] C:\documents and settings\owner\local settings\temp\hE7B.exe

O4 - HKLM\..\Run: [5F8.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\5F8.tmp.exe 1 10001

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy (file missing)

O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy (file missing)

O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx

O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://www.wildtangent.com/multiplayer/cannonsmmp/wtinst.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://216.139.213.20/main/Install/en/US/C...aDownloader.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled...aploader_v6.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/oemji_opt_o...erInstall_2.cab

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Hi and welcome to Best Techie! My name is Excal and I will be helping you.

I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Download and install CleanUp! Here

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

We will use this program later.

Please read this post completely. It may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/

O2 - BHO: Class - {005714CD-0630-8CC6-E2CB-ADCEC38BF51A} - C:\WINDOWS\system32\ntbi32.dll

O2 - BHO: Class - {01E4E0CC-8390-738E-DCC2-DEFBA2BEAA16} - C:\WINDOWS\addwq32.dll

O2 - BHO: Class - {15F23213-9CF2-EAE8-257C-69A75EC75BC0} - C:\WINDOWS\system32\ipbo32.dll

O2 - BHO: Class - {184827EA-353B-98C7-CCF0-E9FA6D9FA145} - C:\WINDOWS\crvf32.dll

O2 - BHO: Class - {19899FD2-72DC-ADED-A735-6279FA695369} - C:\WINDOWS\javaga.dll

O2 - BHO: Class - {1C741A3D-21F2-C649-7160-432D9ED81A74} - C:\WINDOWS\system32\ielc32.dll

O2 - BHO: Class - {26EB855E-8020-394A-64FD-DB123824DB35} - C:\WINDOWS\javapn.dll

O2 - BHO: Class - {2D7B6DD1-DCC2-5B87-1522-23E436D64FE1} - C:\WINDOWS\system32\javatk32.dll

O2 - BHO: Class - {30B9D3B6-3171-041B-C2E4-A7FD55558A20} - C:\WINDOWS\system32\mfcyx32.dll

O2 - BHO: Class - {45723711-8D3F-C8F9-24E0-F252B24B3148} - C:\WINDOWS\sdkce.dll

O2 - BHO: Class - {4844B1BF-4049-149D-AA03-7DC88E8A4193} - C:\WINDOWS\ipzw32.dll

O2 - BHO: Class - {49E6CC14-E11C-706F-6006-BD9D4C0FAF32} - C:\WINDOWS\ntfw.dll

O2 - BHO: Class - {4CDCBA87-7E66-3831-67E7-C02FD3C6CA1B} - C:\WINDOWS\system32\apibt.dll

O2 - BHO: Class - {57CC204F-905A-2B4D-BD5E-30AC516741C9} - C:\WINDOWS\addbk.dll

O2 - BHO: Class - {73156990-7CC1-9E5B-7282-2852A986EDAB} - C:\WINDOWS\system32\javand32.dll

O2 - BHO: Class - {84AC618E-84E5-CB76-8ED6-545359351A5F} - C:\WINDOWS\system32\appqy.dll

O2 - BHO: (no name) - {988C7124-18A2-C7FB-651E-534040091DFA} - C:\WINDOWS\system32\netkk32.dll

O2 - BHO: Class - {9B46EFA0-A8CD-6ED9-3D1F-B1FF1A5FC359} - C:\WINDOWS\crau.dll

O2 - BHO: Class - {A74D4CE3-CEAE-D2F7-A231-D25802D9DD83} - C:\WINDOWS\apibm.dll

O2 - BHO: Class - {B8668F62-EE5D-30BC-F5E0-FD11BFA5F18B} - C:\WINDOWS\system32\d3mu.dll

O2 - BHO: Class - {BB5A0FC4-FCAF-FA07-2E59-B4F763DA2F07} - C:\WINDOWS\system32\sdkvl.dll

O2 - BHO: Class - {BEF263B7-4CDC-E395-290C-92A44E2A4339} - C:\WINDOWS\system32\msep.dll

O2 - BHO: Class - {C238256B-77D8-01DF-8E7E-CA12D2224B07} - C:\WINDOWS\netgu.dll

O2 - BHO: Class - {C7424DA8-E366-B763-AEE8-1DD605AC38B7} - C:\WINDOWS\system32\addzu.dll

O2 - BHO: Class - {CAEAEAB9-C342-9405-CE69-D7940397BA70} - C:\WINDOWS\system32\javaok.dll

O2 - BHO: Class - {D124E11B-5FEB-A448-1194-EE6A7E12004D} - C:\WINDOWS\system32\crhz.dll

O2 - BHO: Class - {D3DFD4E6-1C5E-99E5-CD97-BC92535FF528} - C:\WINDOWS\javawn.dll

O2 - BHO: Class - {D9AB9FC9-8666-A8DB-77B5-039C083D0597} - C:\WINDOWS\system32\iert32.dll

O2 - BHO: Class - {E12F9AC5-10D5-A5B6-0619-4FBA819B52BE} - C:\WINDOWS\system32\sysrc32.dll

O2 - BHO: Class - {E13962C2-96C6-E39D-08A3-1714DB5A46BC} - C:\WINDOWS\system32\ipuj.dll

O4 - HKLM\..\Run: [hE7B] C:\documents and settings\owner\local settings\temp\hE7B.exe

O4 - HKLM\..\Run: [5F8.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\5F8.tmp.exe 1 10001

O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy (file missing)

O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy (file missing)

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab

O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} - http://www.atelys.com/src/Speedup.ocx

O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://www.wildtangent.com/multiplayer/cannonsmmp/wtinst.cab

7. Click the Fix Checked box.

8. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\system32\ntbi32.dll

C:\WINDOWS\addwq32.dll

C:\WINDOWS\system32\ipbo32.dll

C:\WINDOWS\crvf32.dll

C:\WINDOWS\javaga.dll

C:\WINDOWS\system32\ielc32.dll

C:\WINDOWS\javapn.dll

C:\WINDOWS\system32\javatk32.dll

C:\WINDOWS\system32\mfcyx32.dll

C:\WINDOWS\sdkce.dll

C:\WINDOWS\ipzw32.dll

C:\WINDOWS\ntfw.dll

C:\WINDOWS\system32\apibt.dll

C:\WINDOWS\addbk.dll

C:\WINDOWS\system32\javand32.dll

C:\WINDOWS\system32\appqy.dll

C:\WINDOWS\system32\netkk32.dll

C:\WINDOWS\crau.dll

C:\WINDOWS\apibm.dll

C:\WINDOWS\system32\d3mu.dll

C:\WINDOWS\system32\sdkvl.dll

C:\WINDOWS\system32\msep.dll

C:\WINDOWS\netgu.dll

C:\WINDOWS\system32\addzu.dll

C:\WINDOWS\system32\javaok.dll

C:\WINDOWS\system32\crhz.dll

C:\WINDOWS\javawn.dll

C:\WINDOWS\system32\iert32.dll

C:\WINDOWS\system32\sysrc32.dll

C:\WINDOWS\system32\ipuj.dll

9. Run the program CleanUp!

10. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

11. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.

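As an added example (not part of the original posts, and not code from HijackThis or from the helper): a small Python triage script for the log format above that flags four of the entry patterns checked in step 6 and derives a step 8 style file list from the flagged O2 lines. The flagging rules, function names and `SAMPLE_LOG` are assumptions made for illustration and do not reproduce the helper's judgment; the sample lines are copied from the first log in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Section codes used by HijackThis 1.99.x logs (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(r"^BHO: (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# A DLL sitting directly in C:\WINDOWS or C:\WINDOWS\system32.
WINDIR_DLL_RE = re.compile(r"^C:\\WINDOWS\\(system32\\)?[^\\]+\.dll$", re.I)
# Per-user Temp directory on Windows XP, long or 8.3 short form.
TEMP_RE = re.compile(r"\\(local settings|locals~1)\\temp\\", re.I)


class Entry(NamedTuple):
    code: str    # section code, e.g. "O2"
    detail: str  # everything after "CODE - "


def parse_log(text: str) -> List[Entry]:
    """Return the coded entries of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def review_reason(e: Entry) -> Optional[str]:
    """Heuristics assumed for this example; a hit means 'review this', not 'malicious'."""
    if e.code == "O2":
        m = BHO_RE.match(e.detail)
        if m and m.group(1) in ("Class", "(no name)") and WINDIR_DLL_RE.match(m.group(3)):
            return "generically named BHO loading a DLL from the Windows directory"
    elif e.code == "O4" and TEMP_RE.search(e.detail):
        return "autostart entry running from a Temp directory"
    elif e.code == "O15":
        return "site added to the IE Trusted Zone"
    elif e.code == "O16" and " - file://" in e.detail.lower():
        return "ActiveX control installed from a local file"
    return None


def triage(text: str) -> List[Tuple[Entry, str]]:
    """Pair every flagged entry with the reason it was flagged, in log order."""
    flagged = []
    for e in parse_log(text):
        reason = review_reason(e)
        if reason:
            flagged.append((e, reason))
    return flagged


def bho_files(text: str) -> List[str]:
    """DLL paths behind flagged O2 entries: the files to look for on disk after fixing."""
    return [BHO_RE.match(e.detail).group(3) for e, _ in triage(text) if e.code == "O2"]


# Sample input: a subset of lines copied from the first log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Class - {005714CD-0630-8CC6-E2CB-ADCEC38BF51A} - C:\WINDOWS\system32\ntbi32.dll
O2 - BHO: (no name) - {988C7124-18A2-C7FB-651E-534040091DFA} - C:\WINDOWS\system32\netkk32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hE7B] C:\documents and settings\owner\local settings\temp\hE7B.exe
O4 - HKLM\..\Run: [5F8.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\5F8.tmp.exe 1 10001
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.code:<3} {reason}\n    {entry.detail}")
    print("Files to check on disk:", *bho_files(SAMPLE_LOG), sep="\n    ")
```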

I did everything you asked, but when I looked for the files using Explorer I found none of them.

Logfile of HijackThis v1.99.1

Scan saved at 1:43:02 PM, on 6/24/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\wanmpsvc.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\America Online 9.0\aolwbspd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\hijackthis\HijackThis.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)

O4 - HKLM\..\Run: [blockTracker] c:\hp\bin\BlockTracker.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://216.139.213.20/main/Install/en/US/C...aDownloader.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled...aploader_v6.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/oemji_opt_o...erInstall_2.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{062639E3-79D8-4C07-9686-8F46168AD605}: NameServer = 205.188.146.145

O17 - HKLM\System\CS1\Services\Tcpip\..\{062639E3-79D8-4C07-9686-8F46168AD605}: NameServer = 205.188.146.145

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


activescan

Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\cd_clint.dll

Adware:Adware/eZula No disinfected C:\WINDOWS\system32\sysfile.dll

Adware:Adware/nCase No disinfected C:\WINDOWS\system32\FLEOK

Adware:Adware/PortalScan No disinfected C:\Program Files\System Soap Pro

Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Favorites\Search the Web for Everything in One Click!.url

Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles

Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Owner\Application Data\Lycos

Adware:Adware/IEDriver No disinfected Windows Registry

Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\v?.dll

Spyware:Spyware/YourSiteBar No disinfected Windows Registry

Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\toolbar.exe

Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Favorites\Search the Web for Everything in One Click!.url

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-113.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-130.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-136.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-214.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-255.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-357.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-396.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-440.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-535.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-571.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-582.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-767.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-789.dll

Adware:Adware/SearchAid No disinfected C:\hijackthis\backups\backup-20050624-110017-803.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-829.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-843.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-887.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-156.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-252.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-387.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-412.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-546.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-653.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-671.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-739.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-753.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-794.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-797.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-839.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-933.dll

Virus:Trj/Downloader.KD Disinfected C:\hijackthis\backups\backup-20050624-110019-400.inf

Possible Virus. No disinfected C:\Program Files\Internet Explorer\dxbdgefk.exe

Possible Virus. No disinfected C:\Program Files\Internet Explorer\kivunpss.exe

Possible Virus. No disinfected C:\Program Files\Internet Explorer\tmwlbqfd.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\addby32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\addej32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\addev32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\addgm.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\addgy32.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\addwu32.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\addyt32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\apiaq.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\apikq32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\apioz32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\apipr32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\appzo32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\atldb32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\atlrw32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\atlsy.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\atlwe.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\atlyv32.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-cvuacy.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\BundleOuter2601031121.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\EDow_AS2.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ezStub.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\icmedia_7.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup_silent_17123.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\VT02.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\crcm32.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\crun.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\crwt.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\crxm.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\d3gi32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\d3jh32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\d3oj32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\d3pq.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\d3ps32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\d3xh32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\d3zj32.exe

Possible Virus. No disinfected C:\WINDOWS\Downloaded Program Files\dxbdgefk.exe

Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll

Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf

Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\v2.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\iefm32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\ieth32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\iexu32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\ipff32.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipmc.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\ipqo32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\ipxy32.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\javaaw.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\javair.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\javalj.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\javamb32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\javath32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\javatn32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\mfcic32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\mfcox32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\mfcvl.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\mfcyq.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\mfczm.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\msfp32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\msjp32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\mspj.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\mspm.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\msse32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\mszf32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\netkk.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\netoe32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\netua.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\netwn.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntdz32.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\ntek.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\ntpb32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\ntza32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\ntzd32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\ntzf.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_byxjpj.log

Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\pss\ncdr.exeCommon Startup

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkbn.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\sdkjc.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkka32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\sdkkp.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\sdklb32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkld32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdklj.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\sdkmr.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkob.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkpb.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkqk32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\sdkwa.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkxk32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkxm32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\sdkyd.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkzs32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\syscb32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syscl32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysha32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysjw32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syslo.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syslw.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syslx32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysma32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysmq32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysox.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syspf.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysqg.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysqw32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysrk.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\addbe.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\addck32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\addgi.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\addpl32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\addxz32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\apich.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\appga32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\appni32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\apppw32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\atlam.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\atlap32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\atljk.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\atloq32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\atlow.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\atlri.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\atlwq32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\atlzb32.exe

Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\system32\AvlPk4g.exe

Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\system32\Bwd9m.exe

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\cd_clint.dll

Adware:Adware/EliteBar No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4R61QTW1\silent_install[1].exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crae32.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\crgt32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\crjp32.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crus.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\cruz32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\crxo32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\d3cl32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\d3cq.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\d3gl.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\d3ht32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\d3ni.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\d3rp32.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3se.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\d3xe.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\iebb.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\iefn32.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\iejg32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\ielr.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\iern.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\iery.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\iezi.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\ipbg32.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\iphs32.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\iphy.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\ipmx32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\ipqc32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\ipwt32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\javaet32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\javafm32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\javajv.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\javasq.exe

Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\system32\Kjxpex=.jpg.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\mfcax.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\mfccg.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\mfcng.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\mfcxa32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\mfcxb.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\mfcxq.exe

Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\system32\MhoK9W3.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\msaw32.exe

Virus:Trj/Downloader.HK Disinfected C:\WINDOWS\system32\msbar.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\msbq.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\mscz.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\msgq.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\msjo32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\msls32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\msng.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\msnl32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\msot.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\netce32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\netcf.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\netjd.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\ntfz.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\ntou32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\sdkba.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\sdktf32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\sdkvs32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\sdkyw.exe

Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\supdate.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\sysdz32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\sysek32.exe

Adware:Adware/eZula No disinfected C:\WINDOWS\system32\sysfile.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\sysgm.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\syshf.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\sysir.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\syswc.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\syszv.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\syszv32.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\winbs.dll

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\winis32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\winnj.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\winpv32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\winwu.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\system32\winys32.exe

Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\system32\XfpamdX.exe

Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\system32\zbpozoo.dll

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\systx32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysvc32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysxf.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysyk32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syszw32.exe

Spyware:Spyware/XXXToolbar No disinfected C:\WINDOWS\toolbar.exe

Adware:Adware/EasySearch No disinfected C:\WINDOWS\vrzwg.dll

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winci.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\winej.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\winfo.dll

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winfo32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\wingi.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\wingy.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winhg32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winhi.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winhq.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winhw32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winja.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winkt.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\winku.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winlk.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\winnm.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winqa32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winra32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winre32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winrs.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\winsh.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winsr32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winsv32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winug32.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\winur.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winuu32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winvw32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winyd32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winye.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\winyz.exe

Virus:Trj/Agent.VN Disinfected C:\WINDOWS\winzg32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winzs.exe

Right-click on the Microsoft/Giant AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re-enable it, you follow the same steps but click on Enable Real-time Protection.

Download about:buster by RubbeRDuckY Here.

Download CWShredder here to its own folder.

Update CWShredder

  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder

We will be using this program later.

Update About:Buster

  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster

Right-Click HERE and Save As to download DelDomains.inf to your desktop.

To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)

Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:

  • Click Begin Removal.
  • It will begin to check your computer for malicious files.
  • AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
  • Shut down AboutBuster. A log should have been created. Please save this log and copy it in your next post.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Reboot into normal mode.

Run these 2 free trojan scans:

Trojan Scan

Trojan Scan2

After the scans are done, please do another active scan and post the results along with the about:buster log and a fresh HijackThis log.

Thanks

Excal

Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\cd_clint.dll

Adware:Adware/eZula No disinfected C:\WINDOWS\system32\sysfile.dll

Adware:Adware/nCase No disinfected C:\WINDOWS\system32\FLEOK

Adware:Adware/PortalScan No disinfected C:\Program Files\System Soap Pro

Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Favorites\Search the Web for Everything in One Click!.url

Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles

Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Owner\Application Data\Lycos

Adware:Adware/IEDriver No disinfected Windows Registry

Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\v?.dll

Spyware:Spyware/YourSiteBar No disinfected Windows Registry

Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\toolbar.exe

Adware:Adware/WinTools No disinfected C:\Documents and Settings\Owner\Favorites\Search the Web for Everything in One Click!.url

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-113.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-130.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-136.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-214.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-255.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-357.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-396.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-440.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-535.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-571.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-582.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-767.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-789.dll

Adware:Adware/SearchAid No disinfected C:\hijackthis\backups\backup-20050624-110017-803.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-829.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-843.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110017-887.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-156.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-252.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-387.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-412.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-546.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-653.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-671.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-739.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-753.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-794.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-797.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-839.dll

Adware:Adware/CWS No disinfected C:\hijackthis\backups\backup-20050624-110018-933.dll

Possible Virus. No disinfected C:\Program Files\Internet Explorer\dxbdgefk.exe

Possible Virus. No disinfected C:\Program Files\Internet Explorer\kivunpss.exe

Possible Virus. No disinfected C:\Program Files\Internet Explorer\tmwlbqfd.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\addwu32.dll

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-cvuacy.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\BundleOuter2601031121.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\EDow_AS2.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ezStub.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\icmedia_7.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup_silent_17123.exe

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\VT02.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\crcm32.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\crwt.dll

Possible Virus. No disinfected C:\WINDOWS\Downloaded Program Files\dxbdgefk.exe

Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll

Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf

Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\v2.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipmc.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\javaaw.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntdz32.dll

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_byxjpj.log

Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\pss\ncdr.exeCommon Startup

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkbn.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkka32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkld32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdklj.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkob.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkpb.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkqk32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkxk32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkxm32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sdkzs32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syscl32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysha32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysjw32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syslo.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syslw.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syslx32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysma32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysmq32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysox.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syspf.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysqg.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysqw32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysrk.exe

Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\system32\AvlPk4g.exe

Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\system32\Bwd9m.exe

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\cd_clint.dll

Adware:Adware/EliteBar No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4R61QTW1\silent_install[1].exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crae32.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\crus.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\d3se.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\iefn32.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\iphs32.dll

Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\system32\Kjxpex=.jpg.exe

Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\system32\MhoK9W3.exe

Adware:Adware/AdBehavior No disinfected C:\WINDOWS\system32\supdate.dll

Adware:Adware/eZula No disinfected C:\WINDOWS\system32\sysfile.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\sysir.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\syszv32.dll

Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\winbs.dll

Adware:Adware/MemoryWatcher No disinfected C:\WINDOWS\system32\XfpamdX.exe

Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\system32\zbpozoo.dll

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\systx32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysvc32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysxf.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\sysyk32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\syszw32.exe

Spyware:Spyware/XXXToolbar No disinfected C:\WINDOWS\toolbar.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winci.exe

Adware:Adware/SearchAid No disinfected C:\WINDOWS\winfo.dll

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winfo32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\wingy.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winhg32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winhi.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winhq.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winhw32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winja.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winkt.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winlk.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winqa32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winra32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winre32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winrs.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winsr32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winsv32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winug32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winuu32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winvw32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winyd32.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winye.exe

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\winzs.exe

AboutBuster 5.0 reference file 30

Scan started on [6/27/2005] at [9:23:56 AM]

------------------------------------------------

Removed Stream! C:\WINDOWS\A5W.INI:qsqnq

Removed Stream! C:\WINDOWS\atid.ini:cxhsq

Removed Stream! C:\WINDOWS\avafq.log:hmoxu

Removed Stream! C:\WINDOWS\cmsetacl.log:fiqrv

Removed Stream! C:\WINDOWS\Coffee Bean.bmp:fpyzu

Removed Stream! C:\WINDOWS\Coffee Bean.bmp:vmihq

Removed Stream! C:\WINDOWS\COM+.log:cqxdi

Removed Stream! C:\WINDOWS\COM+.log:gpfqa

Removed Stream! C:\WINDOWS\COM+.log:kyqpg

Removed Stream! C:\WINDOWS\comsetup.log:hultu

Removed Stream! C:\WINDOWS\comsetup.log:yskqw

Removed Stream! C:\WINDOWS\control.ini:sstrd

Removed Stream! C:\WINDOWS\control.ini:zlnhe

Removed Stream! C:\WINDOWS\corelpf.lrs:aqqhm

Removed Stream! C:\WINDOWS\corelpf.lrs:mdhck

Removed Stream! C:\WINDOWS\corelpf.lrs:vagqz

Removed Stream! C:\WINDOWS\CTL3D32.DLL:ootda

Removed Stream! C:\WINDOWS\CTL3D32.DLL:ootda

Removed Stream! C:\WINDOWS\d3dx.dat:vovxg

Removed Stream! C:\WINDOWS\dahotfix.log:ujctl

Removed Stream! C:\WINDOWS\DDJGHGJJ.ini:ddsaz

Removed Stream! C:\WINDOWS\DDJGHGJJ.ini:kflaz

Removed Stream! C:\WINDOWS\DDJGHGJJ.ini:rtiri

Removed Stream! C:\WINDOWS\DDJGHGJJ.ini:wcmqy

Removed Stream! C:\WINDOWS\DDJGHGJJ.ini:xckvg

Removed Stream! C:\WINDOWS\desktop.ini:drnge

Removed Stream! C:\WINDOWS\disney.ini:dxazn

Removed Stream! C:\WINDOWS\disney.ini:ozxig

Removed Stream! C:\WINDOWS\disneysy.ini:ksbem

Removed Stream! C:\WINDOWS\drwatson.log:gufoc

Removed Stream! C:\WINDOWS\drwatson.log:jukmf

Removed Stream! C:\WINDOWS\DtcInstall.log:hfddy

Removed Stream! C:\WINDOWS\DtcInstall.log:naqys

Removed Stream! C:\WINDOWS\DtcInstall.log:shaqn

Removed Stream! C:\WINDOWS\DtcInstall.log:usbbl

Removed Stream! C:\WINDOWS\eReg.dat:qnnpq

Removed Stream! C:\WINDOWS\EReg515.dat:dfvxc

Removed Stream! C:\WINDOWS\EReg515.dat:whbdv

Removed Stream! C:\WINDOWS\EReg515.dat:xfcap

Removed Stream! C:\WINDOWS\explorer.scf:dajhg

Removed Stream! C:\WINDOWS\explorer.scf:kedpx

Removed Stream! C:\WINDOWS\FaxSetup.log:asabd

Removed Stream! C:\WINDOWS\FeatherTexture.bmp:odqpc

Removed Stream! C:\WINDOWS\FreeOffers.ini:cdspq

Removed Stream! C:\WINDOWS\FreeOffers.ini:uxzwv

Removed Stream! C:\WINDOWS\FreeOffers.ini:xhiih

Removed Stream! C:\WINDOWS\Gizmos 24k.bmp:aupfd

Removed Stream! C:\WINDOWS\Gizmos 24k.bmp:grnun

Removed Stream! C:\WINDOWS\Gizmos DaddyO.bmp:hocgw

Removed Stream! C:\WINDOWS\Gizmos DaddyO.bmp:vfhzt

Removed Stream! C:\WINDOWS\Gizmos Industrial.bmp:oioio

Removed Stream! C:\WINDOWS\Gizmos Sacred Spirit.bmp:ajcpq

Removed Stream! C:\WINDOWS\Gizmos Sacred Spirit.bmp:evqkt

Removed Stream! C:\WINDOWS\Gizmos Victorian.bmp:cwwyc

Removed Stream! C:\WINDOWS\Gizmos Victorian.bmp:ogzmv

Removed Stream! C:\WINDOWS\Gone Fishing.bmp:ngzvq

Removed Stream! C:\WINDOWS\Gone Fishing.bmp:ojoct

Removed Stream! C:\WINDOWS\Gone Fishing.bmp:sdcik

Removed Stream! C:\WINDOWS\Gone Fishing.bmp:zjqqq

Removed Stream! C:\WINDOWS\Greenstone.bmp:fixhz

Removed Stream! C:\WINDOWS\Greenstone.bmp:jmneq

Removed Stream! C:\WINDOWS\hphmdl11.dat:llioy

Removed Stream! C:\WINDOWS\iis6.log:gfptf

Removed Stream! C:\WINDOWS\intuprof.ini:gpnzd

Removed Stream! C:\WINDOWS\intuprof.ini:oiybw

Removed Stream! C:\WINDOWS\intuprof.ini:ojdis

Removed Stream! C:\WINDOWS\iPlayer.INI:kytpn

Removed Stream! C:\WINDOWS\jautoexp.dat:bidil

Removed Stream! C:\WINDOWS\javafo32.dll:ivvth

Removed Stream! C:\WINDOWS\KB813744.log:ofcnj

Removed Stream! C:\WINDOWS\KB813744.log:tcbtmu

Removed Stream! C:\WINDOWS\KB821557.log:tqiav

Removed Stream! C:\WINDOWS\KB823182.log:hsekc

Removed Stream! C:\WINDOWS\KB823182.log:vyxyx

Removed Stream! C:\WINDOWS\KB823980.log:lduygf

Removed Stream! C:\WINDOWS\KB823980.log:lrafx

Removed Stream! C:\WINDOWS\KB824105.log:jwtzm

Removed Stream! C:\WINDOWS\KB824105.log:qwckn

Removed Stream! C:\WINDOWS\KB824105.log:regtc

Removed Stream! C:\WINDOWS\KB824141.log:jdatw

Removed Stream! C:\WINDOWS\KB824141.log:tktpr

Removed Stream! C:\WINDOWS\KB824146.log:awvvf

Removed Stream! C:\WINDOWS\KB824146.log:fdzju

Removed Stream! C:\WINDOWS\KB825119.log:adxic

Removed Stream! C:\WINDOWS\KB825119.log:mheuv

Removed Stream! C:\WINDOWS\KB826939.log:mwksj

Removed Stream! C:\WINDOWS\KB828035.log:jgokd

Removed Stream! C:\WINDOWS\KB828035.log:nolfh

Removed Stream! C:\WINDOWS\KB828035.log:yuyyv

Removed Stream! C:\WINDOWS\KB828741.log:hgyeh

Removed Stream! C:\WINDOWS\KB828741.log:spuux

Removed Stream! C:\WINDOWS\KB828741.log:tozfd

Removed Stream! C:\WINDOWS\KB834707.log:cuyug

Removed Stream! C:\WINDOWS\KB834707.log:iwprq

Removed Stream! C:\WINDOWS\KB837001.log:inlve

Removed Stream! C:\WINDOWS\KB837001.log:iwglf

Removed Stream! C:\WINDOWS\KB839643-DirectX9.log:lwfbj

Removed Stream! C:\WINDOWS\KB839643-DirectX9.log:pvzmm

Removed Stream! C:\WINDOWS\KB841873.log:qnwhg

Removed Stream! C:\WINDOWS\KB841873.log:wlqkm

Removed Stream! C:\WINDOWS\KB841873.log:zfbci

Removed Stream! C:\WINDOWS\KB842773.log:ebqvx

Removed Stream! C:\WINDOWS\KB867282.log:mziqo

Removed Stream! C:\WINDOWS\KB867282.log:wuryd

Removed Stream! C:\WINDOWS\KB873333.log:rjeio

Removed Stream! C:\WINDOWS\KB873339.log:guuor

Removed Stream! C:\WINDOWS\KB873339.log:xwyef

Removed Stream! C:\WINDOWS\KB885250.log:zejyf

Removed Stream! C:\WINDOWS\KB885835.log:ekmpd

Removed Stream! C:\WINDOWS\KB885835.log:mpmln

Removed Stream! C:\WINDOWS\KB885835.log:ugkkv

Removed Stream! C:\WINDOWS\KB885835.log:wlgsa

Removed Stream! C:\WINDOWS\KB885836.log:meaen

Removed Stream! C:\WINDOWS\KB885836.log:xtopx

Removed Stream! C:\WINDOWS\KB886185.log:aiwik

Removed Stream! C:\WINDOWS\KB887472.log:hjure

Removed Stream! C:\WINDOWS\KB887472.log:ootst

Removed Stream! C:\WINDOWS\KB887472.log:qshwq

Removed Stream! C:\WINDOWS\KB887742.log:jrrjh

Removed Stream! C:\WINDOWS\KB887742.log:oujhb

Removed Stream! C:\WINDOWS\KB888113.log:fqvfo

Removed Stream! C:\WINDOWS\KB888113.log:obvrn

Removed Stream! C:\WINDOWS\KB888113.log:wtzma

Removed Stream! C:\WINDOWS\KB890047.log:bapia

Removed Stream! C:\WINDOWS\KB890047.log:reajn

Removed Stream! C:\WINDOWS\KB890047.log:zueyc

Removed Stream! C:\WINDOWS\KB890175.log:eqbgw

Removed Stream! C:\WINDOWS\KB890859.log:eqisk

Removed Stream! C:\WINDOWS\KB890859.log:iosgq

Removed Stream! C:\WINDOWS\KB890859.log:itbtn

Removed Stream! C:\WINDOWS\KB890859.log:pdmey

Removed Stream! C:\WINDOWS\KB890923.log:tmihv

Removed Stream! C:\WINDOWS\KB891781.log:cpnzw

Removed Stream! C:\WINDOWS\KB893066.log:tiisk

Removed Stream! C:\WINDOWS\KB893066.log:wtibz

Removed Stream! C:\WINDOWS\KB893086.log:phent

Removed Stream! C:\WINDOWS\KB893803.log:qjgyj

Removed Stream! C:\WINDOWS\KB893803.log:wozrn

Removed Stream! C:\WINDOWS\KB893803.log:yolhb

Removed Stream! C:\WINDOWS\KB893803v2.log:bnych


------------------------------------------------

Removed File! : C:\Windows\vrzwg.dll

Removed File! : C:\Windows\System32\zhnpg.dat

------------------------------------------------

Scan was COMPLETED SUCCESSFULLY at 9:25:05 AM


Logfile of HijackThis v1.99.1

Scan saved at 12:13:41 PM, on 6/27/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\wanmpsvc.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\system32\rundll32.exe

c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\America Online 9.0\aolwbspd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_06.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\l7y42x47.slt\prefs.js)

O4 - HKLM\..\Run: [blockTracker] c:\hp\bin\BlockTracker.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {AA82CF0B-27B6-40BB-9018-F553AF9BBD30} - C:\WINDOWS\System32\intlmain.dll (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://216.139.213.20/main/Install/en/US/C...aDownloader.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/shapo/shapo.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled...aploader_v6.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/oemji_opt_o...erInstall_2.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{062639E3-79D8-4C07-9686-8F46168AD605}: NameServer = 205.188.146.145

O17 - HKLM\System\CS1\Services\Tcpip\..\{062639E3-79D8-4C07-9686-8F46168AD605}: NameServer = 205.188.146.145

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Hi Pumpkinjack,

1) Please download the Killbox.

Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Please remove the following folders using Windows Explorer (if present):

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4R61QTW1

C:\Documents and Settings\Owner\Favorites\Search the Web for Everything in One Click!.url

C:\WINDOWS\Bundles

C:\Documents and Settings\Owner\Application Data\Lycos

C:\WINDOWS\system32\FLEOK

C:\Program Files\System Soap Pro

4) Once in Safe Mode, please run Killbox.

  • Select "Delete on Reboot".
  • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\system32\cd_clint.dll
    C:\WINDOWS\system32\sysfile.dll
    C:\WINDOWS\Downloaded Program Files\v?.dll
    C:\WINDOWS\toolbar.exe
    C:\Program Files\Internet Explorer\dxbdgefk.exe
    C:\Program Files\Internet Explorer\kivunpss.exe
    C:\Program Files\Internet Explorer\tmwlbqfd.exe
    C:\WINDOWS\addwu32.dll
    C:\WINDOWS\crcm32.dll
    C:\WINDOWS\crwt.dll
    C:\WINDOWS\Downloaded Program Files\dxbdgefk.exe
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll
    C:\WINDOWS\Downloaded Program Files\popcaploader.inf
    C:\WINDOWS\Downloaded Program Files\v2.dll
    C:\WINDOWS\ipmc.dll
    C:\WINDOWS\javaaw.dll
    C:\WINDOWS\ntdz32.dll
    C:\WINDOWS\n_byxjpj.log
    C:\WINDOWS\pss\ncdr.exe
    C:\WINDOWS\sdkbn.exe
    C:\WINDOWS\sdkka32.exe
    C:\WINDOWS\sdkld32.exe
    C:\WINDOWS\sdklj.exe
    C:\WINDOWS\sdkob.exe
    C:\WINDOWS\sdkpb.exe
    C:\WINDOWS\sdkqk32.exe
    C:\WINDOWS\sdkxk32.exe
    C:\WINDOWS\sdkxm32.exe
    C:\WINDOWS\sdkzs32.exe
    C:\WINDOWS\syscl32.exe
    C:\WINDOWS\sysha32.exe
    C:\WINDOWS\sysjw32.exe
    C:\WINDOWS\syslo.exe
    C:\WINDOWS\syslw.exe
    C:\WINDOWS\syslx32.exe
    C:\WINDOWS\sysma32.exe
    C:\WINDOWS\sysmq32.exe
    C:\WINDOWS\sysox.exe
    C:\WINDOWS\syspf.exe
    C:\WINDOWS\sysqg.exe
    C:\WINDOWS\sysqw32.exe
    C:\WINDOWS\sysrk.exe
    C:\WINDOWS\system32\AvlPk4g.exe
    C:\WINDOWS\system32\Bwd9m.exe
    C:\WINDOWS\system32\cd_clint.dll
    C:\WINDOWS\system32\crae32.dll
    C:\WINDOWS\system32\crus.dll
    C:\WINDOWS\system32\d3se.dll
    C:\WINDOWS\system32\iefn32.dll
    C:\WINDOWS\system32\iphs32.dll
    C:\WINDOWS\system32\Kjxpex=.jpg.exe
    C:\WINDOWS\system32\MhoK9W3.exe
    C:\WINDOWS\system32\supdate.dll
    C:\WINDOWS\system32\sysfile.dll
    C:\WINDOWS\system32\sysir.dll
    C:\WINDOWS\system32\syszv32.dll
    C:\WINDOWS\system32\winbs.dll
    C:\WINDOWS\system32\XfpamdX.exe
    C:\WINDOWS\system32\zbpozoo.dll
    C:\WINDOWS\systx32.exe
    C:\WINDOWS\sysvc32.exe
    C:\WINDOWS\sysxf.exe
    C:\WINDOWS\sysyk32.exe
    C:\WINDOWS\syszw32.exe
    C:\WINDOWS\toolbar.exe
    C:\WINDOWS\winci.exe
    C:\WINDOWS\winfo.dll
    C:\WINDOWS\winfo32.exe
    C:\WINDOWS\wingy.exe
    C:\WINDOWS\winhg32.exe
    C:\WINDOWS\winhi.exe
    C:\WINDOWS\winhq.exe
    C:\WINDOWS\winhw32.exe
    C:\WINDOWS\winja.exe
    C:\WINDOWS\winkt.exe
    C:\WINDOWS\winlk.exe
    C:\WINDOWS\winqa32.exe
    C:\WINDOWS\winra32.exe
    C:\WINDOWS\winre32.exe
    C:\WINDOWS\winrs.exe
    C:\WINDOWS\winsr32.exe
    C:\WINDOWS\winsv32.exe
    C:\WINDOWS\winug32.exe
    C:\WINDOWS\winuu32.exe
    C:\WINDOWS\winvw32.exe
    C:\WINDOWS\winyd32.exe
    C:\WINDOWS\winye.exe
    C:\WINDOWS\winzs.exe
  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.
  • Let the system reboot.

5) Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

6) Please post the ActiveScan log and a fresh HijackThis log. Let me know how your computer is running.

Edited by Excal