This is the new HijackThis log, the ActiveScan log and the Buster. When I restarted it again I could run it a little bit. I didn't get to run the HouseCall; it wouldn't work.
Logfile of HijackThis v1.99.1
Scan saved at 2:17:05 AM, on 2/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\d3ln32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dmsuinit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Documents and Settings\John Ascani\Desktop\Unused Desktop Shortcuts\HijackThis.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qpnrw.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qpnrw.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qpnrw.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qpnrw.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qpnrw.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qpnrw.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qpnrw.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {388C2E34-686F-EB26-27A8-3DED78707177} - C:\WINDOWS\sysji.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [sysdn.exe] C:\WINDOWS\sysdn.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\DOCUME~1\JOHNAS~1\LOCALS~1\Temp\cxtpls_loader.exe" /PC=CP.IST /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [uFnX3tg] dmsuinit.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunOnce: [d3ln32.exe] C:\WINDOWS\d3ln32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateu...com/java/cr.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://akamaidownloa...iTunesSetup.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Remote Procedure Call (RPC) Helper (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\sysls32.exe (file missing)
Incident Status Location
Adware:Adware/Apropos No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temp\AutoUpdate0\auto_update_install.exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temp\AutoUpdate0\setup.inf
Adware:Adware/TopRebates No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temp\djtopr1150.exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temp\optimize.exe
Adware:Adware/TopRebates No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temp\webrebates.exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temporary Internet Files\Content.IE5\D1WHZ30R\optimize[1].exe
Adware:Adware/TopRebates No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temporary Internet Files\Content.IE5\D1WHZ30R\webrebates_usa[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temporary Internet Files\Content.IE5\H6WN6TA7\istsvc[1].exe
Adware:Adware/Envolo No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temporary Internet Files\Content.IE5\IA2Q4J2P\AutoUpdaterInstaller[1].exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temporary Internet Files\Content.IE5\IA2Q4J2P\istrecover[1].exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temporary Internet Files\Content.IE5\IA2Q4J2P\ncase_new[1].exe
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temporary Internet Files\Content.IE5\WS2OBQWO\nem220[1].dll
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\John Ascani\Local Settings\Temporary Internet Files\Content.IE5\WS2OBQWO\ysb_regular[1].cab[ysbactivex.inf]
Virus:VBS/Inor.AF Renamed C:\ntdetect.hta
Adware:Adware/Apropos No disinfected C:\Program Files\AutoUpdate\AutoUpdate.exe
Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\ace.dll
Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\CxtPls.dll
Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\ProxyStub.dll
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Internet Optimizer\optimize.exe
Spyware:Spyware/ISTbar No disinfected C:\Program Files\ISTsvc\istsvc.exe
Adware:Adware/TopRebates No disinfected C:\Program Files\Web_Rebates\disp1150.exe
Adware:Adware/TopRebates No disinfected C:\Program Files\Web_Rebates\WebRebates0.exe
Adware:Adware/TopRebates No disinfected C:\Program Files\Web_Rebates\WebRebates1.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apiuv.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crer.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crkc32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3ln32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3oq32.exe
Spyware:Spyware/YourSiteBar No disinfected C:\WINDOWS\Downloaded Program Files\ysbactivex.inf
Adware:Adware/HT401 No disinfected C:\WINDOWS\fenvj.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\ggjnk.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\hyjfutky.exe.$$$
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipqf32.exe
Virus:Trj/Spy.Justin Disinfected C:\WINDOWS\ISNSYS.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ixylixqf.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcqq32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mskb.exe
Adware:Adware/HT401 No disinfected C:\WINDOWS\qpnrw.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdknd32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sysdn.exe
Virus:Trj/Downloader.AQN Disinfected C:\WINDOWS\sysdn.exe.bak
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\atlzm.exe
Adware:Adware/Envolo No disinfected C:\WINDOWS\SYSTEM32\auto_update_uninstall.exe
Virus:Trj/Downloader.AMT No disinfected C:\WINDOWS\SYSTEM32\dmcdmail.exe
Adware:Adware/CWS.008k No disinfected C:\WINDOWS\SYSTEM32\dmsuinit.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\ienp32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\ntfv.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\ntwf32.exe
Adware:Adware/HT401 No disinfected C:\WINDOWS\SYSTEM32\ppfyf.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\SYSTEM32\rpbxl.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\sdkjm.exe
Adware:Adware/HT401 No disinfected C:\WINDOWS\SYSTEM32\sklbm.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\syshq32.exe
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 16
Removed Data Streams:
C:\WINDOWS\BcdSetup.log:qzgig
C:\WINDOWS\cdplayer.ini:bazni
C:\WINDOWS\KB824146.log:qnjkr
C:\WINDOWS\KB885250.log:voauv
C:\WINDOWS\Q329048.log:xqihq
Removed 4 Random Key Entries
Removed! : C:\WINDOWS\prlii.dat
Removed! : C:\WINDOWS\ptygo.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 16
Removed Data Streams:
C:\WINDOWS\BcdSetup.log:qzgig
C:\WINDOWS\cdplayer.ini:bazni
C:\WINDOWS\KB824146.log:qnjkr
C:\WINDOWS\KB885250.log:voauv
C:\WINDOWS\Q329048.log:xqihq
Attempted Clean Of Temp folder.
Pages Reset... Done!