DR Watson PostMortem Debugger problems! Help



#1
nrlgolf15

Hey everybody, I am new on here and I am having a big problem on my PC right now. I am getting the Dr Watson error and I can't open any of my personal files; My Computer, My Documents, etc. I have the log and I will post it below. Any help from anybody would be great. Thanks all, Nick Lukow


Logfile of HijackThis v1.99.1
Scan saved at 5:24:52 PM, on 03/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\cris.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\WINDOWS\system32\mswq.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Nick Lukow\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_hp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar...spx?tb_id=50154
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hnhcx.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hnhcx.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hnhcx.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r6.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r6.attbi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Nick Lukow\Application Data\Mozilla\Profiles\default\0p4xdn4u.slt\prefs.js)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {EDA38CC9-B865-78BD-C1A5-843DCC6547D9} - C:\WINDOWS\mfckb32.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [cris.exe] C:\WINDOWS\cris.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Windows Management Instrumentations] winmg.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\bqyymzsn.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.1...m::/on-line.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...8a29296baabe1d6
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094023988858
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo...tsInstaller.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\mswq.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: Windows Management Instrumentations (winmgt) - Unknown owner - C:\WINDOWS\System32\winmg.exe" -service (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe


#2
nrlgolf15

bump

#3
don77

Hi nrlgolf15 and welcome
Sorry for the late reply. If you're still looking for help to resolve this issue, please post back a fresh HJT log.

If you have resolved it please let us know,

Thanks and again sorry for the late reply,
Don

#4
nrlgolf15

Here is the Hijack this report. Let me know what you guys can do. Any help would be great. I am still having the same problems that were described before and I really could use some help. Thanks Nick

Logfile of HijackThis v1.99.1
Scan saved at 9:00:08 PM, on 04/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\cris.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\WINDOWS\system32\mswq.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Documents and Settings\Nick Lukow\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_hp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar...spx?tb_id=50154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wogll.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wogll.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wogll.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wogll.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wogll.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r6.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r6.attbi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Nick Lukow\Application Data\Mozilla\Profiles\default\0p4xdn4u.slt\prefs.js)
O2 - BHO: (no name) - {1FA6740E-EFFA-5A22-3EBB-3FEAEF48F18E} - C:\WINDOWS\mfcao.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [cris.exe] C:\WINDOWS\cris.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\RunServices: [Windows Management Instrumentations] winmg.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\bqyymzsn.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.1...m::/on-line.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...8a29296baabe1d6
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094023988858
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo...tsInstaller.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\mswq.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: Windows Management Instrumentations (winmgt) - Unknown owner - C:\WINDOWS\System32\winmg.exe" -service (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

#5
don77

Hi nrlgolf15 welcome,
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

First,
Please Download LSPFix and Run the Program.
Disconnect from the Internet and close all Internet Explorer Windows.
Check the "I know what I'm doing" Button and remove all traces of calsp.dll and lspak.dll (Nothing else)
Then Reboot.

Next,
Please read through the instructions before you start (you may want to print this out).

Please download and install these programs - don't run them yet!!

Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.


Please download and install AD-Aware.
Check Here on how to set up and use it - please make sure you update it first.

Download and unzip cwsserviceremove to your desktop. Use either link below:
http://computercops....F...oad&id=3002
http://www.mytechsup...rviceremove.zip


Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWSshtreder.exe
http://www.mytechsupport.ca/helpwit...CWSshtreder.exe

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"
Click "Apply" then "OK"

For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigha...ds/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

+++++++++++++++++++++++++++++++++++++++++++++++++



Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:

Network Security Service (NSS) ( 11F #`I)



When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

2. Reboot into SafeMode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

PROCESSES TO BE STOPPED
mswq.exe
cris.exe
winmg.exe


If you find the files, click on them, and then click End Process => Exit the Task Manager.


4. CLOSE ALL WINDOWS AND BROWSERS. Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_hp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar...spx?tb_id=50154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wogll.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wogll.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wogll.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wogll.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wogll.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {1FA6740E-EFFA-5A22-3EBB-3FEAEF48F18E} - C:\WINDOWS\mfcao.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [cris.exe] C:\WINDOWS\cris.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe
O4 - HKLM\..\RunServices: [Windows Management Instrumentations] winmg.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\bqyymzsn.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.1...m::/on-line.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...8a29296baabe1d6
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer)
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-downlo...tsInstaller.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Network Security Service (NSS) ( 11F #`I) - Unknown owner - C:\WINDOWS\system32\mswq.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: Windows Management Instrumentations (winmgt) - Unknown owner - C:\WINDOWS\System32\winmg.exe" -service (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe


5. Delete the following files if present:
If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe <--Delete Folder
C:\PROGRA~1\Toolbar\TBPS.exe <--Delete Folder
C:\WINDOWS\cris.exe
C:\Program Files\VVSN\VVSN.exe <--Delete Folder
C:\Program Files\Save\Save.exe <--Delete Folder
C:\PROGRA~1\Toolbar\PIB.exe <--Delete Folder
C:\WINDOWS\system32\mswq.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe <--Delete Folder
C:\Program Files\Common Files\WinTools\WToolsS.exe <--Delete Folder
C:\Program Files\Common Files\WinTools\WSup.exe <--Delete Folder
C:\WINDOWS\mfcao.dll
C:\WINDOWS\system32\mswq.exe

(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

7. Scan with AdAware and let it remove any bad files found.

8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

9. Double click on the cwsserviceremove and when asked to merge say yes.

10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

11. Reboot into normal mode.

12. Download the Hoster from Here. Press "Restore Original Hosts" and press "OK". Exit Program.


13. Download and run this online virus scan:
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you check "AutoClean"

Then reboot and post a fresh Hijack This log to see how we did.

#6
nrlgolf15

I will try all this tonight and get back to you asap. Thanks for all the help thus far.
Nick

#7
nrlgolf15

ALLRIGHT!!!!!! I can now access all of my files in My Computer, C: drive, etc. I could not get that online virus scan to work, but I will run the one that Symantec offers on its website. Everything went smoothly I think. I don't know if I will need to do anything else, but if you know of anything else I should do please let me know. I am posting the new Hijack This report below. Anyways thanks so much don77, you really know your stuff and I am happy that there are people like you out there that are willing to help.

Logfile of HijackThis v1.99.1
Scan saved at 4:00:40 AM, on 04/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Nick Lukow\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r6.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r6.attbi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Nick Lukow\Application Data\Mozilla\Profiles\default\0p4xdn4u.slt\prefs.js)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094023988858
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: Windows Management Instrumentations (winmgt) - Unknown owner - C:\WINDOWS\System32\winmg.exe" -service (file missing)

Let me know if you know of any more things I should do. Thanks, Nick

#8
don77

Great deal Nick, Looks good!
A couple more items to clean up,

First,
Download the DelDomains zip file and unzip it to your desktop.

DelDomains

Right-click on the deldomains.inf file and select 'Install'

Next,

Please restart HJT, put a check next to the following, close all open windows and click Fix Checked:

O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted IP range: 206.161.125.149
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)

The O15s may not be there.
Next, reboot into SAFE MODE. Make sure you can view all hidden files/folders, then search for and delete the files highlighted in BOLD:

C:\PROGRA~1\Toolbar\TBPSSvc.exe <--delete Folder if found

Restart your computer,

Run this online virus scan: ActiveScan - Save the results from the scan!


Post back a fresh HJT log and what Active scan finds please

#9
nrlgolf15

Hey, I could not find the file C:\PROGRA~1\Toolbar\TBPSSvc.exe <--delete Folder if found. I don't know if I didn't search correctly or what, but I could not find it on my computer while in safe mode. I will post a new HijackThis report and the scan results below. Tell me if there is anything else that I need to do. Thanks again for everything, you guys really are great. Nick


Logfile of HijackThis v1.99.1
Scan saved at 8:27:57 PM, on 04/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Nick Lukow\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r6.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r6.attbi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Nick Lukow\Application Data\Mozilla\Profiles\default\0p4xdn4u.slt\prefs.js)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094023988858
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: Windows Management Instrumentations (winmgt) - Unknown owner - C:\WINDOWS\System32\winmg.exe" -service (file missing)

The scan was really really long, but here it is:




Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\adcache
Adware:Adware/eZula No disinfected C:\WINDOWS\system32\svc.dll
Spyware:Spyware/New.net No disinfected C:\Program Files\NewDotNet
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/Gator No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Gain Publishing
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Adware:Adware/nCase No disinfected C:\WINDOWS\180ax.log
Spyware:Spyware/Dyfuca No disinfected C:\DOCUME~1\NICKLU~1\LOCALS~1\Temp\optimize.exe
Spyware:Spyware/ISTbar No disinfected C:\DOCUME~1\NICKLU~1\LOCALS~1\Temp\iinstall.exe
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\CSBB
Adware:Adware/KeenValue No disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/PortalScan No disinfected C:\Program Files\stc
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\sahagent?.exe
Adware:Adware/CWS No disinfected C:\Documents and Settings\Nick Lukow\Favorites\Automotive resources.url
Adware:Adware/Superbar No disinfected C:\Program Files\_SUPERBAR
Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls
Adware:Adware/SearchAid No disinfected Windows Registry
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\WinTools
Adware:Adware/VirtualBouncer No disinfected C:\mypcsearch.exe
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\system32\winttr.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/DealHelper No disinfected C:\WINDOWS\bundles\dealhelper.exe
Adware:Adware/AdLogix No disinfected Windows Registry
Adware:Adware/TopRebates No disinfected C:\DOCUME~1\NICKLU~1\LOCALS~1\Temp\jkill.exe
Spyware:Spyware/LocalNRD No disinfected C:\WINDOWS\inf\localNRD.inf
Adware:Adware/Twain-Tech No disinfected C:\DOCUME~1\NICKLU~1\LOCALS~1\Temp\THI*.tmp
Adware:Adware/WUpd No disinfected C:\Program Files\Windows SyncroAd
Spyware:Spyware/Altnet No disinfected Windows Registry
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteBar
Adware:Adware/SBSoft No disinfected C:\WINDOWS\Downloaded Program Files\webdlg32.dll
Adware:Adware/E2Give No disinfected C:\Program Files\E2G
Adware:Adware/WhenUSearch No disinfected C:\Documents and Settings\Nick Lukow\Start Menu\Programs\WhenU
Adware:Adware/MyWebSearch No disinfected C:\WINDOWS\system32\tbps.ini
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\system32\Lspak.dll
Adware:Adware/BroadcastPC No disinfected C:\Program Files\Common Files\java\bcre.exe
Spyware:Spyware/Spyblocs No disinfected C:\WINDOWS\system32\SplashSpot Games.exe
Spyware:Spyware/IESearchToolbar No disinfected C:\Program Files\iesearchtoolbar
Virus:Trj/Downloader.AEE Disinfected Operating system
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Nick Lukow\Favorites\Sites about\Ab scissor.url
Adware:Adware/PowerStrip No disinfected C:\WINDOWS\pgtaff?.bin
Spyware:Spyware/LinkReplacer No disinfected Windows Registry
Adware:Adware/Kudd No disinfected C:\Program Files\kudd.com
Adware:Adware/Transponder No disinfected C:\WINDOWS\preInsln.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\system32\P2P Networking
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Nick Lukow\Application Data\oabt.exe
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Nick Lukow\Application Data\tarr.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\Documents and Settings\Nick Lukow\Desktop\backups\backup-20050419-031315-202.dll
Adware:Adware/P2PNetworking No disinfected C:\Documents and Settings\Nick Lukow\Desktop\backups\backup-20050419-031315-292.dll
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Nick Lukow\Desktop\backups\backup-20050419-031315-798.inf
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Nick Lukow\Desktop\backups\backup-20050419-031315-816.inf
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Nick Lukow\Desktop\backups\backup-20050419-031316-851.inf
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\!update.exe
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\10063015.dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\185406.dll
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\An0f8t.exe
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\asmfiles.cab
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\asmfiles.cab[asm.exe]
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\asmfiles.cab[asmps.dll]
Adware:Adware/Envolo No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\AutoUpdate1\auto_update_uninstall.exe
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\banner.exe
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\coreak.dll
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\i17C.tmp
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\ICD2.tmp\MediaTicketsInstaller.ocx
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\iinstall.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\istsvc_updater.exe
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\ln_reco.exe
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\lspak.dll
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\optimize.exe
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\rulesak.dll
Adware:Adware/Twain-Tech No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\THI7816.tmp\preInsln.exe
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\tHmS3.exe
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\tvmupdater.exe
Adware:Adware/SaveNow No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\whenu.exe
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\__unin__.exe
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~100000.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~100089.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~105478.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~107472.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~114034.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~122413.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~128526.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~130245.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~135072.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~142936.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~149262.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~151594.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~154286.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~16291.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~174503.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~3364.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~366668.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~380413.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~39046.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~43820.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~439899.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~440010.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~441710.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~464487.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~484686.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~495023.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~499571.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~500893.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~501271.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~501381.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~501511.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~501980.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~502147.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~502206.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~503910.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~505958.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~506616.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~507276.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~509478.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~509877.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~510827.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~521216.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~522719.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~527559.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~527841.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~531833.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~532933.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~533322.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~533387.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~53452.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~536813.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~538423.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~538872.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~539365.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~539917.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~543479.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~544327.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~544527.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~544545.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~544954.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~547113.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~547495.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~548408.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~550632.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~550695.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~561556.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~562124.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~563570.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~565522.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~568057.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~569112.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~569305.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~571514.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~572243.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~572654.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~576710.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~585113.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~589379.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~590958.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~604939.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~605476.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~606038.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~606973.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~611166.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~618096.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~625502.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~627545.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~631578.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~632582.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~632824.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~633401.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~633851.tmp
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Nick Lukow\Local Settings\Temp\~635723.tmp
Adware:Adware/WinTools No disinfected
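The before/after comparison this thread does by eye (O15 Trusted Zone entries, and O23 services with no owner or a missing file) can be run mechanically over two HijackThis logs to see what a fix pass left behind. This Python sketch is an added example, not part of the original posts: the function names are hypothetical, the flagging rules are an assumption modeled on the entries selected in this thread, and the sample lines are excerpted from the two logs posted above.

```python
import re
from dataclasses import dataclass

# HijackThis entry lines look like "O23 - Service: ..."; header lines and
# running-process paths do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O15", "O23"
    body: str     # everything after "<section> - "


def parse_log(text):
    """Return the section-coded entries of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def reasons_for(entry):
    """Assumed review rules: every O15 entry, and O23 services whose owner
    is unknown or whose binary is reported missing."""
    reasons = []
    if entry.section == "O15":
        reasons.append("trusted-zone entry")
    elif entry.section == "O23" and entry.body.startswith("Service: "):
        # Layout: Service: <display name> - <owner> - <path>
        # Split from the right because display names may contain " - ".
        parts = entry.body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            _display, owner, path = parts
            if owner.strip().lower() == "unknown owner":
                reasons.append("unknown owner")
            if path.rstrip().endswith("(file missing)"):
                reasons.append("file missing")
    return reasons


def review(text):
    """List (entry, reasons) for every entry that matches a rule."""
    return [(e, r) for e in parse_log(text) if (r := reasons_for(e))]


def unresolved(before, after):
    """Flagged entries from the earlier log that still appear in the later one."""
    remaining = set(parse_log(after))
    return [e for e, _ in review(before) if e in remaining]


# Excerpt of the log saved at 4:00:40 AM on 04/19/2005 (from this thread).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted IP range: 206.161.125.149
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: Windows Management Instrumentations (winmgt) - Unknown owner - C:\WINDOWS\System32\winmg.exe" -service (file missing)
"""

# Excerpt of the log saved at 8:27:57 PM on 04/19/2005 (from this thread).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: Windows Management Instrumentations (winmgt) - Unknown owner - C:\WINDOWS\System32\winmg.exe" -service (file missing)
"""

if __name__ == "__main__":
    for entry in unresolved(BEFORE_LOG, AFTER_LOG):
        print(entry.section, "-", entry.body)
```

A "(file missing)" service entry means the service registration still exists even though the binary is gone, which is why such lines can persist in a log after the file itself can no longer be found on disk.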

#10
don77

Hi Nick, your log looks great now!!

Let's see if we can clean up your system a bit here,

Go Here download and install Cleanup!
Open up the program and click on the cleanup button, Let it do its thing.
It will ask you to reboot do so,
When the computer restarts it will open again and finish running, allow it to do so please,
This will clean up a lot of the files Active found


Next,
Start HijackThis
Click on the Config button
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
You can click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window into this topic please,