dr watson postmortem debugger [resolved]



#1
rob p

I'm having problems with Dr. Watson Postmortem Debugger. Whenever I try to enter into a folder in my computer or Control Panel, etc., the computer locks up and I have to restart to do anything.

*I have downloaded and run all the tests that were required before starting a post.

Whenever I reboot, I still get the freeze out. Even after cleaning the drive with AdAware, Spybot, McAfee Virus Scan, CWShredder, it locks up. I ran HijackThis and my log is below. I had to run it in safe mode, though. Will that cause it to be incorrect? I don't know how to run it in normal mode because it is saved inside the computer and I can't access those files. Thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 3:08:32 PM, on 3/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Robert\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D27B861E-B1A3-B029-6A72-CC99EE5E9943} - C:\WINDOWS\system32\netut.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [atlux.exe] C:\WINDOWS\system32\atlux.exe
O4 - HKLM\..\RunOnce: [ieec.exe] C:\WINDOWS\system32\ieec.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netvv32.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE


#2
Guest_thatman_*

Hi rob p

Welcome to geekstogo

Please read through the instructions before you start (you may want to print this out).

Please download and install these programs - don't run them yet!!

Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.


Please download and install AD-Aware.
Check here on how to set up and use it - please make sure you update it first.

Download and unzip cwsserviceremove to your desktop. Use either link below:
cwsserviceremove

cwsserviceremove.zip


Download CW-Shredder at the link below:
CWShredder

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK"

For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - Click here to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.

+++++++++++++++++++++++++++++++++++++++++++++++++

Here's the fix:

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:


Remote Procedure Call

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed, go ahead with the next steps.

2. Reboot into Safe Mode: Click here if you don't know how to do this.

3. Download CCleaner and unzip the file to install.
Open the ccleaner.
Place a check by everything in the Applications tab.
Place a check by Internet Explorer, Windows explorer, and System in the Windows tab.
Now click on Run Cleaner


4. CLOSE ALL WINDOWS AND BROWSERS. Scan with HijackThis and put checks next to all the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D27B861E-B1A3-B029-6A72-CC99EE5E9943} - C:\WINDOWS\system32\netut.dll
O4 - HKLM\..\Run: [atlux.exe] C:\WINDOWS\system32\atlux.exe
O4 - HKLM\..\RunOnce: [ieec.exe] C:\WINDOWS\system32\ieec.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä_#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netvv32.exe (file missing)


Then click on "Fix Checked"

5. Using Windows Explorer delete the following files if present:
If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

C:\WINDOWS\ncdxo.dll
C:\WINDOWS\system32\netut.dll
C:\WINDOWS\system32\atlux.exe
C:\WINDOWS\system32\ieec.exe
C:\WINDOWS\netvv32.exe


(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

6. Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into Notepad or WordPad and save as a .txt file) and post a copy back here when you are done with all the steps.

7. Scan with AdAware and let it remove any bad files found.

8. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Clean out all temp files in Mozilla, Internet Explorer.
Internet Explorer: Tools/ Internet Options/ General/ Temporary internet files/ Delete Files (NOTE, that this may take very long!). You can also set the memory limit to about 25 MB at the Settings.

Mozilla: Edit/ Options/ Extended/ Cache/ Clear Cache

9. Double click on the cwsserviceremove and when asked to merge say yes.

10. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

11. Download Pocket Killbox and unzip it; save it to your Desktop.
Run it, and click the radio button that says Delete a file on reboot.
Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
Let the system reboot.


12. Reboot into normal mode.

13. Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

Please post the logs from both virus scans and HJT.log; we will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0
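An added example, not part of the original thread and not HijackThis's own logic: a small Python triage of HijackThis log lines, using heuristics that mirror several of the entries selected in step 4 (res:// search pages backed by a DLL, unnamed BHOs, autorun values named after their own executable, "(no file)" buttons, services with an unknown owner and a missing file). The rules and the names `triage`, `scan` and `flagged_paths` are assumptions made for illustration; the sample lines are copied from the log in post #1, and entries such as `about:blank` or the R3 line do not match these rules.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis log in post #1 (a mix of entries that
# were later fixed in step 4 and entries that were left alone).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {D27B861E-B1A3-B029-6A72-CC99EE5E9943} - C:\WINDOWS\system32\netut.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [atlux.exe] C:\WINDOWS\system32\atlux.exe
O4 - HKLM\..\RunOnce: [ieec.exe] C:\WINDOWS\system32\ieec.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netvv32.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""


class Finding(NamedTuple):
    code: str            # HijackThis section code, e.g. "R1" or "O23"
    reason: str          # which illustrative heuristic fired
    path: Optional[str]  # file referenced by the entry, if any


ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
RES_DLL_RE = re.compile(r"=\s*res://(.+?\.dll)/", re.IGNORECASE)
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(.+?)\] (.+)$")
MISSING = " (file missing)"


def triage(line: str) -> Optional[Finding]:
    """Return a Finding if one of the illustrative heuristics matches."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    last = body.rsplit(" - ", 1)[-1]  # final " - "-separated field

    if code in ("R0", "R1"):
        res = RES_DLL_RE.search(body)
        if res:
            return Finding(code, "IE page served from a local DLL via res://",
                           res.group(1))
    elif code == "O2" and body.startswith("BHO: (no name)"):
        return Finding(code, "Browser Helper Object without a name", last)
    elif code == "O4":
        run = RUN_RE.match(body)
        # Value name identical to the file name, e.g. [atlux.exe] ...\atlux.exe
        if run and ntpath.basename(run.group(2)).lower() == run.group(1).lower():
            return Finding(code, "autorun value named after its own executable",
                           run.group(2))
    elif code == "O9" and last == "(no file)":
        return Finding(code, "IE button with no backing file", None)
    elif (code == "O23" and " - Unknown owner - " in body
          and body.endswith(MISSING)):
        return Finding(code, "service with unknown owner and missing binary",
                       last[: -len(MISSING)])
    return None


def scan(log: str) -> List[Finding]:
    """Triage every line of a pasted log and keep only the matches."""
    return [f for f in map(triage, log.splitlines()) if f is not None]


def flagged_paths(log: str) -> List[str]:
    """Unique file paths referenced by flagged entries, for manual review."""
    return sorted({f.path for f in scan(log) if f.path})


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason}: {f.path or '-'}")
```

On these sample lines the flagged paths are the same five files listed in step 5, while the McAfee, Dell and ScsiAccess entries are left alone.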

#3
rob p

Thanks, thatman, for your help.

1 question--I'm not able to access the Internet while in Safe Mode. Step #2 under 'Here's the fix' tells me to do this, but has downloads afterward. Can I go ahead and download the programs in normal mode, then use them in safe? Or, for it to work correctly, do I need to be able to download it in safe?
Thanks,
rob


#4
Guest_thatman_*

Hi rob p

Sorry, that's my fault; I put some of the items for download in the wrong area.

Yes, download all programs first, then run the fix.

Sorry :tazz:

Kc ;)

#5
rob p

thatman,

I'm in safe mode now and I'm having trouble running the cwsserviceremove program. I've downloaded and double-clicked it, but it never says anything about merging. All it does is ask me if I want it to run. I say 'Yes' and then it asks if I want to allow cwsserviceremove.reg to add to the registry. I say 'yes' and then nothing happens. I tried to download it several times and the result is the same.
What can I do?

If I have to get back in normal mode to get on the Internet, will I have to start over again?

thanks,
rob

#6
Guest_thatman_*

Hi rob p

Post a new HJT.log and we will take a look. The program runs and leaves you thinking, did it work? When you rerun HJT and you see no O15, yes, it worked.

Kc :tazz:

#7
rob p

I'm not real sure what to do with the Pocket Killbox. I've opened it up. The directions say to "paste them one at a time into the full path of file to delete box and click the red circle with the cross in it."
I understand all of that but the "paste them" part. What is 'them'? A file? I can't find a list of files to drag into that box.
Thanks

#8
Guest_thatman_*

Hi rob p

Pocket Killbox is only used if we have a file that needs to be removed on rebooting the system.

We don't have any files as yet.
You can test what killbox can do.

Download Pocket Killbox and unzip it; save it to your Desktop.
Run it, and click the radio button that says Delete a file on reboot.
Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in, whereupon you should answer Yes.
Let the system reboot.
C:\WINDOWS\system32\netut.dll
C:\WINDOWS\system32\atlux.exe
C:\WINDOWS\system32\ieec.exe
C:\WINDOWS\netvv32.exe

End of Killbox files

Post a new HJT.log

Kc :tazz:

#9
rob p

Okay--here goes.
Below is my hjt file, my AB log, and my ActiveScan log. I couldn't find a housecall log and it wouldn't let me copy and paste it to notepad. Housecall did have 10 problem areas that they said couldn't be cleaned, so I deleted those.



HJT--

Logfile of HijackThis v1.99.1
Scan saved at 4:13:04 PM, on 3/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Robert\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE




AB Log

Scanned at: 12:09:17 PM on: 3/31/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25


Removed Data Streams:


Removed 4 Random Key Entries
Removed! : C:\WINDOWS\atlrq32.exe
Removed! : C:\WINDOWS\iepi.exe
Removed! : C:\WINDOWS\netdm.exe
Removed! : C:\WINDOWS\system32\atlux.exe
Removed! : C:\WINDOWS\system32\ntfb32.exe
Removed! : C:\WINDOWS\system32\nttq.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25


Removed Data Streams:


Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 5:11:13 PM on: 3/31/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Removed 4 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!




ActiveScan

Incident Status Location

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_hgcawo.dat
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_ipobul.txt
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_kpbint.txt
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_mnfarp.dat
Virus:Trj/Downloader.AQN Disinfected C:\WINDOWS\n_ncoqsp.txt
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_nnvxaj.dat
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_nyhqzx.txt
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_pmwzhy.dat
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_pwxquq.dat
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_qjltkf.txt
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_racscd.dat
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_rhdcyn.txt
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_ufurch.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_uqbcsn.txt
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_uyuqtj.dat
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_xsotds.txt
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_xvuwpe.dat
Virus:Trj/Downloader.AQN Disinfected C:\WINDOWS\n_yocypy.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_yzwxiy.dat
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_zvpity.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdkdw32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdkwp32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdkzq.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sysaw32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\syscp.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sysjy.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\addsq32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\addtt.dll
  • 0

#10
rob p


    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
It doesn't look like my full log for Active Scan made it--

again--


#11
Guest_thatman_*

  • Guest
Hi rob p

WOW you have a lot of Malware on that system.

Reboot into Safe Mode: Click here if you don't know how to do this.

CLOSE ALL WINDOWS AND BROWSERS. Scan with HijackThis and put checks next to all the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ncdxo.dll/sp.html#37049
R3 - Default URLSearchHook is missing


Then click on "Fix Checked"

Using Windows Explorer, delete the following files or folders:

C:\WINDOWS\ncdxo.dll

Exit Explorer.

Run AboutBuster. This will scan your computer for the bad files and delete them. Save the report (copy and paste into Notepad or WordPad and save as a .txt file) and post a copy back here when you are done with all the steps.

Scan with AdAware and let it remove any bad files found.

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

Reboot into normal mode.

Post a new HJT.Log

The killbox files I need to research; will post the full list shortly.

Kc :tazz:

#12
Guest_thatman_*

  • Guest
Hi rob p

Part one of killbox files to delete

Reboot into Safe Mode

Run killbox and click the radio button that says Delete a file on reboot.
Copy and Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in, whereupon you should answer Yes.
Let the system reboot.

End of killbox files

Part two to follow.

Kc :tazz:

#13
Guest_thatman_*

  • Guest
Hi rob p

Reboot into Safe Mode

Run killbox and click the radio button that says Delete a file on reboot.
Copy and Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in, whereupon you should answer Yes.
Let the system reboot.

End of killbox files



Post a new HJT.Log

Kc :tazz:

#14
rob p


    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here are my logs--after I post this, I'll run killbox
Thanks.

HJT--

Logfile of HijackThis v1.99.1
Scan saved at 3:28:43 PM, on 4/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Robert\Desktop\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE



ABLog--

Scanned at: 12:09:17 PM on: 3/31/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25


Removed Data Streams:


Removed 4 Random Key Entries
Removed! : C:\WINDOWS\atlrq32.exe
Removed! : C:\WINDOWS\iepi.exe
Removed! : C:\WINDOWS\netdm.exe
Removed! : C:\WINDOWS\system32\atlux.exe
Removed! : C:\WINDOWS\system32\ntfb32.exe
Removed! : C:\WINDOWS\system32\nttq.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25


Removed Data Streams:


Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 5:11:13 PM on: 3/31/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Removed 4 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 3:56:51 PM on: 4/1/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 25

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


#15
rob p

New HJT log--


Logfile of HijackThis v1.99.1
Scan saved at 9:28:59 PM, on 4/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Robert\Desktop\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE